Anti-Fragile Decision-Making at the Edge

12 February 2026 • Yuriy Polyulya •

#distributed-systems #edge-computing #anti-fragile #decision-making

Prerequisites

Four autonomic capabilities have been established across the preceding articles.

Why Edge Is Not Cloud Minus Bandwidth established the context: connectivity regime s where partition is the default state, the capability hierarchy ( $\mathcal{L}_0$ – $\mathcal{L}_4$ ) that defines what the system must achieve, and the inversion thesis that positions edge systems as partition-native. The anti-fragility coefficient $\mathbb{A}$ was introduced informally there as a design goal; this article defines it formally.

Self-Measurement Without Central Observability established self-measurement: local anomaly detection with calibrated confidence estimates ( Proposition 9 ), gossip -based health propagation with bounded staleness, and Byzantine -tolerant aggregation. These mechanisms give the system accurate knowledge of its own state without central infrastructure.

Self-Healing Without Connectivity established self-healing: the MAPE-K autonomic control loop [1] , confidence-gated healing thresholds calibrated to action severity, recovery ordering by dependency, and cascade prevention. Given a detected anomaly, the system can repair itself.

Fleet Coherence Under Partition established fleet coherence: CRDT -based conflict-free state merging, Merkle reconciliation for efficient sync, and hierarchical decision authority that determines who resolves conflicts when clusters disagree after partition.

Taken together, these four capabilities define resilience: the ability to return to baseline performance after stress [2] . But resilience is not the ceiling.

A system that merely recovers from each failure is as fragile at reconnection as it was before the partition began. Every failure event and every degraded-operation period carries information about the system and its environment. This article addresses how to extract that information systematically — improving future performance rather than restoring past performance.

The distinction is not philosophical. In adversarial and non-stationary environments, a system that learns from stress becomes progressively harder to degrade [3] . A system that only recovers remains permanently exploitable by any stressor it has seen before.

Overview

anti-fragile systems improve from stress rather than merely surviving it. Each concept integrates theory with design consequence:

Concept	Formal Contribution	Design Consequence
Anti-Fragility	Convexity: $d^2P/d\sigma^2 > 0$	Design response functions that gain from variance
Stress-Information	$I = -\log_2 P(\text{failure})$	Prioritize learning from rare events
Online Optimization	UCB, EXP3, Thompson Sampling; EXP3 minimax regret $O(\sqrt{TK \ln K})$	Converge to optimal parameters; degrade gracefully under partition
Judgment Horizon	$d \in \mathcal{J} \Leftrightarrow I > \theta_I \lor P > \theta_P \lor \ldots$	Route high-stakes decisions to humans
Model Failure	Taxonomy: drift, adversarial, distributional	Defense-in-depth for each failure class

This extends anti-fragility theory (Taleb, 2012) [4] and online learning (Auer et al., 2002) [5] for contested edge environments.

Notation Alignment. Definition and proposition numbers in this article are sequential within this post. Cross-references to other parts in this series use the target article’s local numbering. Where series-canonical numbers are cited (e.g., in cross-post term shortcodes), the URL anchor is the authoritative reference. Series-canonical numbers for all definitions and propositions are listed in Why Edge Is Not Cloud Minus Bandwidth.

Opening Narrative: RAVEN After the Storm

RAVEN swarm, time $t = T_0 + \Delta T$. At $t = T_0$, parameters were design-time estimates: formation spacing $d_f = 200$m (illustrative value) fixed, gossip interval $\tau_g = 5$s (illustrative value) fixed, $\mathcal{L}_2$ (local coordination capability) threshold $\theta_C = 0.3$ (illustrative value).

At $t = T_0 + \Delta T$, parameters are learned from operation: formation $d_f \in [150, 250]$m (illustrative value) adaptive, gossip $\tau_g \in [2, 10]$s (illustrative value) adaptive, threshold $\theta_C = 0.25$ (illustrative value).

Each stress event (partition, failure, adversarial action) provides information $I(\sigma)$. The learning mechanism extracts this information to update parameters: the new parameter value $\theta_{t+1}$ steps from the current value $\theta_t$ in the direction that most improves utility $U$, scaled by learning rate $\eta$.

$\theta_{t+1} = \theta_t + \eta \cdot \nabla_\theta U(\theta; \sigma_t)$

where $\nabla_\theta U$ is the gradient of utility with respect to parameters, computed from stress response.

Anti-fragile systems convert stress into improvement. Performance at $T_0 + \Delta T$ exceeds $T_0$ - not from external updates, but from architecture designed to learn from operational stress.

Defining Anti-Fragility

“Resilient” and “anti-fragile” are often used interchangeably, but they describe fundamentally different behaviors. A resilient system returns to baseline after stress; an anti-fragile system finishes in a better state than it started — the stress itself was the improvement mechanism. The distinction is formalized as convexity of the performance function in stress magnitude ($d^2P/d\sigma^2 > 0$). This is not a metaphor — it is a testable property: if performance after recovery exceeds pre-stress performance, the system is anti-fragile. The coefficient $\mathbb{A} = (P_1 - P_0)/\sigma$ makes improvement per unit stress quantifiable.

Anti-fragility requires deliberate feedback from stress events into policy updates. A system that passively absorbs stress and returns to baseline is resilient, not anti-fragile. The feedback loop adds latency and complexity. There is also a safe operating envelope — stress beyond $\sigma_{\text{max}}$ exceeds the system’s recovery capacity and produces catastrophic failure, not improvement.

Beyond Resilience

In RAVEN , a partition event forces 47 drones to maintain coordinated operations without backhaul — and the swarm that navigates that partition emerges with tighter inter-drone coordination parameters than it had before. In CONVOY , each fault injection stress-tests ground-vehicle spacing algorithms against conditions that pre-deployment calibration never encountered. In GRIDEDGE , each islanding event forces the power distribution node to recalibrate load-shedding thresholds in isolation. In each case the stress event is the improvement mechanism: the system at day 30 outperforms the system at day 1 precisely because it was stressed, not despite it.

Definition 79 (Anti-Fragility). A system is anti-fragile if its performance function $P(\sigma)$ is convex in stress magnitude $\sigma$ within a useful operating range $[0, \sigma_{\text{max}}]$ :

(Notation: here $P(\sigma)$ denotes system performance as a function of stress $\sigma$ — distinct from probability $P(\cdot)$ used elsewhere in this series. Where ambiguity could arise, performance is written $P_{\text{perf}}(\sigma)$ .)

$\frac{d^2 P}{d\sigma^2} > 0 \quad \text{for } \sigma \in [0, \sigma_{\text{max}}]$

The convexity condition tests whether the system genuinely improves under repeated stress, not merely recovers to baseline. The feedback requirement is structural: passive resilience never produces $d^2P/d\sigma^2 > 0$ because the performance gain requires that each stress event updates the system’s decision parameters.

Physical translation: $d^2P/d\sigma^2 > 0$ means the performance curve bends upward as stress increases — each additional unit of stress produces more improvement than the last. This is the mathematical signature of a system that learns faster under more pressure. The anti-fragility coefficient $\mathbb{A} = (P_1 - P_0)/\sigma$ (measured over a rolling window of at least 30 days (illustrative value) spanning partitions, fault injections, and anomaly triggers) gives the practical measure: how much did performance actually improve, per unit stress experienced? For RAVEN, if detection accuracy was 0.72 before a partition event ($P_0 = 0.72$ (illustrative value)) and reached 0.78 after parameter updates triggered by that event ($P_1 = 0.78$ (illustrative value)), and the partition severity was $\sigma = 0.4$ (illustrative value), then $\mathbb{A} = 0.06/0.4 = 0.15$ (illustrative value) — 15% improvement per unit stress.

In practice, evaluate the convexity condition over at least 10 stress events (illustrative value) before concluding the system is anti-fragile — fewer observations risk mislabeling a resilient system that happened to improve once.

By Jensen’s inequality, convexity implies $\mathbb{E}[P(\sigma)] > P(\mathbb{E}[\sigma])$ : the system gains from stress variance itself. The anti-fragility coefficient $\mathbb{A} = (P_1 - P_0)/\sigma$ measures observed improvement per unit stress, where $P_0$ is pre-stress performance and $P_1$ is post-recovery performance.

The connectivity-regime transitions formalized in Why Edge Is Not Cloud Minus Bandwidth — Denied, Intermittent, Degraded — each constitute a discrete stress event; passive resilience that merely recovers from them produces no learning signal and no improvement in $\mathbb{A}$ .

Operationalizing P: System performance is multi-dimensional, so $P$ must be defined before $\mathbb{A}$ can be computed. The series uses the primary metric as the canonical scalar: $P = \bar{\mathcal{L}} = \mathbb{E}[\int_0^T \mathcal{L}(t)\,dt]/T$ , the time-averaged capability level .

For specific sub-problems, substitute: $P = \text{MTTR}^{-1}$ (inverse mean time to recovery) for healing-speed analysis; $P = \text{F}_1$ (anomaly-detection F-score) for detection accuracy; $P = \bar{\theta}$ (average operational threshold) for threshold-learning tasks.

The denominator $\sigma \in [0,1]$ is normalized stress severity (0 = no stress, 1 = worst-case partition or hardware failure). With these substitutions, $\mathbb{A} > 0$ is falsifiable: it requires that the chosen $P$ metric is measurably higher after stress recovery than before the stress event.

In other words, an anti-fragile system does not just survive stress and return to baseline — it finishes in a better state than it started, and this improvement is proportional to how severe the stress was.

Safe Operating Envelope

The anti-fragility learning loop is only safe if the parameter space has explicit bounds. Without them, a sufficiently stressed system can gradient-descend itself into an unstable regime — unconstrained parameter evolution is a genetic algorithm without fitness cliffs.

Safe Operating Envelope (SOE): The learned parameter vector $\theta \in \mathbb{R}^d$ ($d$ = number of independently tunable parameters) must remain within pre-specified bounds:

$\theta \in [\theta_{\min}, \theta_{\max}]$

Each individual update must also be bounded in magnitude to prevent a single high-variance stress event from causing a destabilizing step:

$\|\Delta\theta_t\| < \delta_{\text{safe}}, \qquad \delta_{\text{safe}} = 0.1 \times (\theta_{\max} - \theta_{\min})$

where $\delta_{\text{safe}}$ limits per-step mutation to 10% (illustrative value) of the feasible range. A proposed update is accepted only when both conditions hold simultaneously (boundary enforcement):

$\theta_t + \Delta\theta_t \in [\theta_{\min}, \theta_{\max}] \;\land\; \|\Delta\theta_t\| \leq \delta_{\text{safe}}$

If the magnitude bound is violated, the update is scaled to $\delta_{\text{safe}} \cdot \Delta\theta_t / \|\Delta\theta_t\|$ , preserving the gradient direction while enforcing the step-size limit.

SOE bounds are necessary but not sufficient — an update within $[\theta_{\min}, \theta_{\max}]$ can still move the closed-loop system toward instability. The Lyapunov criterion enforces directional safety: a policy update is accepted only if the Lyapunov function $V(x)$ (positive definite, radially unbounded) exhibits exponential decrease:

$\dot{V}(x) = \nabla V \cdot f(x, \theta) \leq -\alpha V(x), \quad \alpha > 0$

(Notation: $\alpha$ is overloaded across this article and the series. Within this section $\alpha > 0$ is the exponential convergence rate with units $\text{s}^{-1}$ ; in this article $\alpha_Q$ and $\alpha_{\text{corr}}$ are false-alarm rates in the Q-change detector ( Proposition 62 ), $\alpha_k$ is the Beta prior shape in Thompson Sampling ( Proposition 60 ), and $\alpha$ alone denotes significance level in hypothesis tests; in Self-Healing Without Connectivity, $\alpha_{\text{margin}}, \alpha_{\text{EMA}}, \alpha_{\text{heal}}, \alpha_{\text{age}}$ denote gain scheduling, resource budgeting, and priority decay. Context and subscripts differentiate all uses — full series notation registry: Notation Registry.)

When $f(x, \theta)$ is unknown — the common case in adversarial or non-stationary environments — replace the analytic Lyapunov condition with a finite-difference estimate (data-driven verification):

$\dot{V}(x) \approx \frac{V(x_{t+1}) - V(x_t)}{\Delta t}$

Reject the proposed update if this estimate exceeds the stability threshold:

$\frac{V(x_{t+1}) - V(x_t)}{\Delta t} > -\alpha V(x_t) + \varepsilon$

where $\varepsilon$ absorbs measurement noise. On rejection, revert to $\theta_{\text{prev}}$ and log the failure mode for offline analysis.

SOE-constrained learning is confined to the stability basin (the basin of attraction):

$\mathcal{B} = \{x : \dot{V}(x) < 0\}$

Policy updates are accepted only when the post-update trajectory remains in $\mathcal{B}$ .

To prevent $\mathbb{A}$ from inflating when a policy temporarily exits the safe region, the SOE-constrained coefficient caps measured improvement at the maximum performance achieved within confirmed SOE and Lyapunov constraints:

$\mathbb{A}_{\text{constrained}} = \frac{\min(P_1, P_{\max}) - P_0}{\sigma}$

where $P_{\max}$ is the highest performance observed across trials with valid SOE and Lyapunov certificates.

Practical implementation for edge deployment proceeds in four steps. First, define $V(x)$ using a domain-specific stability metric: for altitude control, $V(x) = \sum_i (h_i - h_{\text{target}})^2$ ; for inter-vehicle spacing, $V(x) = \sum_i (d_i - d_{\text{safe}})^2$ . Second, estimate $\dot{V}$ via sample-based finite-difference over $N$ observations:

$\dot{V}(x) \approx \frac{1}{N} \sum_{i=1}^{N} \frac{V(x_{t+i}) - V(x_t)}{i \cdot \Delta t}$

Third, set $\alpha$ based on required convergence rate: $\alpha \in [0.1,\, 1.0]\ \text{s}^{-1}$ (illustrative value) covers most edge deployments; faster dynamics require higher $\alpha$. Fourth, monitor basin occupancy by tracking the fraction of time the system spends in $\mathcal{B}$ :

$\text{basin\_occupancy} = \frac{\displaystyle\sum_{t} \mathbf{1}[x_t \in \mathcal{B}]}{T_{\text{total}}}$

Alert if occupancy falls below 0.95 (illustrative value) — the system is approaching the boundary of the stability region.

RAVEN example: Set $V(x) = \sum_i (h_i - h_{\text{target}})^2$ (aggregate altitude error across the swarm). With $\alpha = 0.5\ \text{s}^{-1}$ (illustrative value) and $N = 10$ (illustrative value) gossip samples for the $\dot{V}$ estimate, each learning cycle costs 10 scalar comparisons per drone (theoretical bound under illustrative parameters). Basin occupancy below 0.95 (illustrative value) triggers a learning-rate rollback.

Watch out for: the SOE and Lyapunov constraints must be configured before the first stress event, not calibrated from observed stress outcomes; a system that derives $[\theta_{\min}, \theta_{\max}]$ and $\alpha$ from early partition data can enter a regime where the bounds themselves track toward instability, because the early data reflects the unprotected learning trajectory rather than a pre-specified safety envelope — the boundary conditions must come from domain analysis of the physical system, not from the learning history.

Definition — Composite Confidence Score ($\Psi(t)$)

The composite confidence score $\Psi(t) \in [0, 1]$ aggregates evidence of system predictability at time $t$:

$\Psi(t) = w_1 \cdot \Psi_{\text{model}}(t) + w_2 \cdot \Psi_{\text{sensor}}(t) + w_3 \cdot \Psi_{\text{action}}(t)$

where:

$\Psi_{\text{model}}(t)$ = normalized CBF stability margin $\rho_q(t) / \rho_{\max}$
$\Psi_{\text{sensor}}(t)$ = fraction of non-P_CRITICAL sensors in the active sensor set
$\Psi_{\text{action}}(t)$ = empirical healing success rate over the last $W_{\Psi}$ ticks
Weights $w_1 = 0.5, w_2 = 0.3, w_3 = 0.2$ (illustrative value) (sum to 1; calibrated for RAVEN / CONVOY configurations)

AES threshold: $\Psi_{\text{AES}} = 0.4$ (illustrative value) — AES activates when ALL three axes simultaneously exceed their respective thresholds for two consecutive evaluation cycles (AND-combined with hysteresis): battery below $E_{\text{min}}$, partition $T_{\text{acc}}$ beyond P95 Weibull, AND $\Psi(t) < \Psi_{\text{AES}}$ . Any single axis exceeding its threshold triggers heightened monitoring, not AES entry.

Definition — Decision State Cube

The Decision State Cube $(C, R, A) \in \mathcal{C} \times \mathcal{R} \times \mathcal{A}$ characterizes the operating context for each decision epoch:

$C \in \{\text{DENIED}, \text{DEGRADED}, \text{CONNECTED}\}$ : connectivity regime ( Definition 6 in Why Edge Is Not Cloud Minus Bandwidth)
$R \in [0, 1]$: normalized remaining resource budget (battery $\times$ compute headroom)
$A \in \{0, 1\}$: adversarial activity indicator (1 if the non-stationarity detector ( Definition 84 ) has fired within the last $W_A$ ticks)

Each arm selection policy, safe action filter, and escalation decision in this framework is indexed by the current cube position $(C, R, A)$. The Autonomic Emergency State (AES) corresponds to the cube corner $C = \text{DENIED},\; R < R_{\min},\; \Psi < \Psi_{\text{AES}}$ — the intersection of all three threat axes simultaneously breached.

Compound Failure Transition Sequence

When multiple threat axes degrade simultaneously, the system follows this ordered transition sequence: (1) first axis breached (any single threshold crossed) — enter heightened monitoring: double the MAPE-K tick rate and log the breach; (2) second axis breached — activate the Safe Action Filter for all non-safety-critical decisions; freeze the bandit’s arm set at current $K_\text{eff}$; (3) third axis breached (all three: battery below $E_\text{min}$, partition $T_\text{acc}$ beyond P95 Weibull, and confidence $\Psi < \Psi_\text{AES}$ ) — enter Autonomic Emergency State. This sequence prevents the AES from activating on two-axis compound failures that are recoverable, while ensuring the full three-axis compound is always escalated.

Safe Action Filter disposition in AES: upon AES entry, the Safe Action Filter ( Definition 89 ) transitions to Locked mode — it no longer evaluates reward signals and instead passes only the emergency-mode arm’s action unconditionally. The EXP3-IX weight update loop is suspended. The filter resumes normal evaluation (Gating mode) when AES conditions are cleared. AES exit requires $\Psi(t) \geq \Psi_{\text{AES}}$ AND all axes below threshold for one full evaluation window: resource $R(t) > R_\text{min}$, HLC validity restored, and $\Psi(t) > \Psi_\text{AES}$ for two consecutive evaluation ticks.

Resource-starved escape hatch: if fewer than $N_\text{min} = 3$ (illustrative value) evaluation ticks complete within a $W_\text{max} = 60$ seconds (illustrative value) window due to resource constraints (CPU throttle or battery below $E_\text{min}$), the condition-evaluation loop itself cannot run and the three-condition exit test cannot be satisfied. In this case the system defaults to the safe conservative action ( Definition 89 , Safe Action Filter) and exits the AES after $W_\text{max}$ regardless of condition satisfaction. This prevents resource exhaustion from creating a permanent stuck state in which AES cannot be exited because the ticks needed to verify the exit conditions cannot run.

Game-Theoretic Extension: Anti-Fragility as an Evolutionarily Stable Strategy

Evolutionary game theory provides a stronger justification for building anti-fragility in: in any fleet where nodes copy better-performing neighbors’ policies, the anti-fragile policy is an Evolutionarily Stable Strategy (ESS) — it cannot be invaded by fragile alternatives.

The ESS condition requires that the anti-fragile policy $\theta^*$ satisfies $f(\theta^*, \theta^*) \geq f(\theta', \theta^*)$ for all $\theta' \neq \theta^*$ , with strict inequality against any fragile mutant. Stress events always eventually occur; anti-fragile policies convert them into gains while fragile ones do not.

The ESS holds when $\mathbb{E}[\text{mission duration}] \cdot \mu_{\text{stress}} > 1$ — i.e., the expected number of stress events per mission exceeds 1. For shorter deployments, a fragile policy maximizing immediate performance may dominate.

The practical implication is to weight gossip -propagated policy updates by $\mathbb{A}$ : nodes with $\mathbb{A} > 1$ propagate their parameters more aggressively [6] . Anti-fragile policies spread faster through the fleet — exactly what ESS predicts under selection pressure.

The concept of anti-fragility , formalized by Nassim Nicholas Taleb [4] , distinguishes three responses to stress:

Category	Response to Stress	Example	Mathematical Signature
Fragile	Breaks, degrades	Porcelain cup	Concave: $\frac{d^2P}{d\sigma^2} < 0$
Resilient	Returns to baseline	Rubber ball	Linear: $\frac{d^2P}{d\sigma^2} = 0$
Anti-fragile	Improves beyond baseline	Muscle, immune system	Convex: $\frac{d^2P}{d\sigma^2} > 0$

The three archetypes map to distinct curvatures of the performance function $P_{\text{perf}}(\sigma)$ , where $P_0$ is baseline performance: fragile (concave, $d^2P_{\text{perf}}/d\sigma^2 < 0$ ), resilient (linear), and anti-fragile (convex, $d^2P_{\text{perf}}/d\sigma^2 > 0$ — as established in Definition 79 ).

Visual Comparison of Response Types:

The chart below plots performance against stress magnitude for each archetype; the key pattern is that the anti-fragile curve rises above baseline at moderate stress before turning down at extreme stress, while the fragile curve falls off immediately.

The three curves show clearly distinct behaviors. Fragile systems (red) degrade quadratically — small stresses cause small degradation, but stress compounds. Resilient systems (blue) maintain baseline — stress is absorbed but provides no improvement. Anti-fragile systems (green) improve with moderate stress, but exhibit bounded improvement — extreme stress ($\sigma > \sigma^*$) eventually causes degradation.

Real systems exhibit bounded anti-fragility : convex response for moderate stress $\sigma < \sigma^*$, transitioning to concave for extreme stress. Exercise strengthens muscle up to a point; beyond that point, it causes injury. The design goal is to keep the system operating in the convex regime where stress improves performance.

$\sigma_H$ (destructive zone onset) is a measured physical property, not a design parameter. Calibrating it requires three steps: first, run $N \geq 30$ (illustrative value) controlled stress trials at increasing $\sigma$ values, recording $A = (P_1 - P_0)/\sigma$ after each; second, fit a quadratic to $A(\sigma)$ — the root where $A = 0$ is the empirical $\sigma_H$; third, set operational $\sigma_{\max} = 0.7 \cdot \sigma_H$ as a 30% (illustrative value) safety margin.

RAVEN measurement: 30-day (illustrative value) chaos runs (visible in the anti-fragility chart) showed $A > 0$ for all partition durations up to 47 minutes (illustrative value). $A$ fell below zero at 52-minute (illustrative value) partitions — the swarm loses spatial coherence beyond drone fuel margin at that point.

Empirical $\sigma_H \approx 50$ min (illustrative value) yields $\sigma_{\max} = 35$ min (illustrative value). Any RAVEN scenario claiming anti-fragility must verify that partition duration stays below 35 minutes (illustrative value).

For systems without 30-day (illustrative value) historical data: start with $\sigma_{\max} = 10$ min (illustrative value) and extend by 5 min (illustrative value) per deployment cycle until $A(\sigma_{\max}) < 0$ is observed.

Statistical validity of $A > 0$ claims: Measuring $A = (P_1 - P_0)/\sigma > 0$ in a single trial is a point estimate, not a hypothesis test. The anti-fragility claim $A > 0$ is an assertion about the true mean performance response — a single trial has variance.

To claim statistically significant anti-fragility at stress level $\sigma_k$, apply a one-sample Welch t-test against the null hypothesis $H_0: A \leq 0$. Collect $N \geq 30$ (threshold — requires sufficient power for the one-sample t-test) independent stress-recovery cycles at $\sigma_k$, compute the sample mean $\bar{A}$ and standard deviation $s_A$, and reject $H_0$ at 95% (illustrative value) confidence when $\bar{A} / (s_A / \sqrt{N}) > t_{0.05, N-1}$ .

The 95% confidence lower bound on $A$ is $\bar{A} - t_{0.05, N-1} \cdot s_A / \sqrt{N}$ ; report this lower bound, not $\bar{A}$, as the certified anti-fragility coefficient.

RAVEN dataset: $N = 30$ (illustrative value) partition events at 47-minute (illustrative value) partitions, $\bar{A} = +0.18$ (illustrative value), $s_A = 0.09$ (illustrative value); lower bound $= 0.18 - 1.699 \times 0.09/\sqrt{30} \approx 0.18 - 0.028 = +0.152 > 0$ (illustrative value), confirming statistically significant anti-fragility . A system with $\bar{A} = +0.05$ (illustrative value) and $s_A = 0.12$ (illustrative value) at $N = 30$ yields a negative lower bound and cannot claim certified anti-fragility — more data or larger stress events are needed.

The diagram below partitions the stress axis into four operating zones, showing how performance trajectory and learning value shift as stress magnitude crosses each threshold.

    
    flowchart LR
    subgraph "sigma < sigma_low"
        A["Insufficient Stress
No learning signal
Performance: Baseline"]
    end

    subgraph "sigma_low <= sigma < sigma*"
        B["Optimal Stress Zone
Maximum learning
Performance: Improving"]
    end

    subgraph "sigma* <= sigma < sigma_max"
        C["High Stress Zone
Diminishing returns
Performance: Plateau"]
    end

    subgraph "sigma >= sigma_max"
        D["Destructive Stress
System damage
Performance: Degrading"]
    end

    A -->|"Increase sigma"| B
    B -->|"Increase sigma"| C
    C -->|"Increase sigma"| D

    style A fill:#fff9c4,stroke:#f9a825
    style B fill:#c8e6c9,stroke:#388e3c
    style C fill:#fff3e0,stroke:#f57c00
    style D fill:#ffcdd2,stroke:#c62828

Anti-Fragility Zones (derived from convexity analysis):

The performance slope $dP_{\text{perf}}/d\sigma$ is governed by information gain $I(\sigma) = -\log_2 P(\text{event}|\sigma)$ and learning rate $\eta(\sigma)$:

$dP_{\text{perf}}/d\sigma = \eta(\sigma) \cdot I(\sigma) \cdot \text{sign}(\nabla_\theta U)$

This formula determines the operating zone. The Insufficient Stress zone ($\sigma < \sigma_L$) provides near-zero information gain from common events — the system stagnates without adaptive signal. The Anti-Fragile Zone ( $\sigma_L \leq \sigma < \sigma^*$ ) is the operational sweet spot where rare events yield maximum information and the performance slope is strictly positive.

The High Stress Zone ( $\sigma^* \leq \sigma < \sigma_H$ ) shows diminishing returns as information saturates and the slope flattens. The Brittle Zone ( $\sigma \geq \sigma_H$ ) exceeds recovery capacity: information is saturated but capacity-limited, the slope turns negative, and continued exposure causes irreversible degradation. Thresholds $\sigma_L, \sigma^*, \sigma_H$ depend on system capacity and learning mechanism.

Critical warning: In the destructive zone ( $\sigma \geq \sigma_H$ ), the anti-fragility coefficient $\mathbb{A} = (P_1 - P_0)/\sigma$ becomes negative. The system is no longer anti-fragile - it is fragile. Continued stress exposure causes permanent degradation, not learning. Systems must detect when $\sigma$ approaches $\sigma_H$ and either shed load or enter protective shutdown. The anti-fragility framework provides no benefit in the destructive zone; standard resilience (minimize damage) applies.

The architecture should be designed to (1) expose the system to the optimal stress zone regularly (through chaos engineering or operational deployment), (2) avoid the destructive zone through graceful degradation and $\sigma_H$ detection, and (3) maximize information extraction when stress occurs.

Anti-Fragility Coefficient Over Time:

The anti-fragility coefficient $\mathbb{A}$ evolves as the system accumulates stress exposure and learning:

The chart below tracks $\mathbb{A}$ as a percentage of its theoretical maximum across 30 days of RAVEN operation, animating the learning curve from zero to 95% of the design ceiling.

The coefficient evolution ( $\mathbb{A}_{\max} = 0.40$ = 100%) follows a characteristic learning curve. At day 0, $\mathbb{A} = 0$ — the system has no operational learning. During days 1–10, rapid improvement reaches 65% of maximum as initial stress events (2 partitions, 1 drone loss) provide high-value information. During days 10–20, continued improvement with diminishing returns reaches 88% of maximum as easy optimizations are captured. During days 20–30, the coefficient makes an asymptotic approach to maximum (93% to 95%) as remaining improvements require rarer events.

For edge systems, stress includes partition events (connectivity disruption), resource scarcity (power, bandwidth, compute), adversarial interference (jamming, spoofing), component failure (drone loss, sensor degradation), and environmental variation (terrain, weather).

A resilient edge system survives these stresses and returns to baseline. An anti-fragile edge system uses these stresses to improve its future performance. These require different architectural choices.

Anti-Fragility in Technical Systems

How can engineered systems exhibit anti-fragility when biological systems achieve it through millions of years of evolution?

The mechanism is information extraction from stress events. Every failure, partition, or degradation carries information about the system’s true operating envelope. Anti-fragile architectures are designed to capture this information and incorporate it into future behavior.

Four mechanisms enable anti-fragility in technical systems. Learning updates models from failure data: connectivity models become more accurate with each partition event, anomaly detectors calibrate with each detected and confirmed anomaly, and healing policies refine success probability estimates with each action. Adaptation adjusts parameters based on observed conditions: formation spacing adapts to terrain-specific radio propagation, timeout thresholds adapt to observed network latency distributions, and resource budgets adapt to observed consumption patterns. Evolution replaces components with better variants: alternative algorithms compete (stress reveals which performs better), redundant pathways prove their value during primary pathway failure, and component designs improve based on failure mode analysis. Pruning removes unnecessary complexity revealed by stress: features unused during stress can be eliminated, fallback mechanisms that never activated can be simplified, and coordination overhead that stress exposed as unnecessary can be removed.

Stress is information to extract, not just a threat to survive. Every partition event teaches you about connectivity patterns. Every drone loss teaches you about failure modes. Every adversarial jamming episode teaches you about adversary tactics. An anti-fragile system captures these lessons.

Consider the immune system analogy: exposure to pathogens creates antibodies that provide future protection. The edge equivalent: exposure to jamming creates detector signatures that provide future jamming detection. But unlike biological immunity, which evolved over millions of years, edge anti-fragility must be designed - we must intentionally create the mechanisms for learning from stress.

The four mechanisms (learning, adaptation, evolution, pruning) all operate inside the same SOE-constrained safety wrapper:

    
    graph TD
    subgraph LP["Learning Phase"]
        A["Stress event σ"] --> B["Compute gradient ∇U"]
        B --> C{"SOE bounds check
is ‖Δθ‖ within δ_safe?"}
        C -->|"Exceeds bound"| D["Scale Δθ to δ_safe"]
    end

    subgraph SC["Stability Check"]
        E["Apply update θ + Δθ"]
        E --> F{"Lyapunov check
is dV/dt ≤ −αV?"}
        F -->|"Fails"| G["Revert to θ_prev"]
        F -->|"Passes"| H["Accept update"]
    end

    subgraph OUT["Outcome"]
        G --> I["Log failure mode"]
        H --> J["Update P₁ estimate"]
        I --> K["Continue operation"]
        J --> K
    end

    C -->|"Within bound"| E
    D --> E

    style C fill:#fff9c4,stroke:#f9a825
    style F fill:#ffcdd2,stroke:#c62828
    style H fill:#c8e6c9,stroke:#388e3c

SOE acts as the first guardrail — every update is magnitude-checked before being applied. The Lyapunov criterion is the second — stability is verified against observed trajectory data before the update is committed. Both checks add one $O(d)$ inner product to the learning step, where $d$ is parameter dimension.

Cognitive Map: The anti-fragility definition section establishes the theoretical foundation and its safety constraints. The convexity condition ($d^2P/d\sigma^2 > 0$) defines what anti-fragility is. The parameter update gradient ( $\theta_{t+1} = \theta_t + \eta \nabla_\theta U$ ) defines how the system learns from stress. The Safe Operating Envelope and Lyapunov criterion together define what prevents the learning from diverging. The game-theoretic extension proves why any fleet that copies successful policies will eventually converge to anti-fragile ones — it is an Evolutionarily Stable Strategy when stress events occur more than once per mission.

Stress as Information

Normal operation hides system structure. Dependencies between components are only visible when they fail — a backup radio that shares a power bus with the primary provides zero redundancy during the power transients it was supposed to guard against. You cannot discover this from logs of successful operations. Treating stress events as information sources resolves this: the Stress-Information Duality ( Proposition 57 ) formalizes $I = -\log_2 P(\text{failure})$ — rare failures carry the most learning signal. Design the system to log comprehensively on every stress event, weight parameter updates by information content, and inject deliberate failures (chaos engineering) to surface hidden dependencies before they cause production incidents.

The duality applies to stationary environments. In adversarial settings, an opponent can manipulate $P(\text{failure})$ — making previously rare failures common — which inflates apparent event frequency while reducing Shannon surprise. In contested environments, use the adversarial non-stationarity detector ( Definition 84 ) rather than rarity alone to identify high-value learning events.

Failures Reveal Hidden Dependencies

Normal operation is a poor teacher. When everything works, dependencies remain invisible. Components interact through well-defined interfaces, messages flow through established channels, and the system behaves as designed. This smooth operation provides no information about what would happen if components failed to interact correctly.

Stress exposes the truth.

CONVOY vehicle 4 experienced a power system transient during a partition event. The post-incident analysis revealed a hidden dependency: the backup radio shared a power bus with the primary radio. Both radios failed simultaneously because a transient on the shared bus affected both units. Under normal operation, this dependency was invisible - both radios drew power successfully. Under stress, the dependency became catastrophic - both radios failed together, eliminating redundancy precisely when it was needed.

The same pattern — a hidden shared resource that makes two ostensibly independent components fail together — appears across all system types, as the following examples illustrate.

Scenario	Hidden Dependency	Revealed By
CONVOY vehicle 4	Primary/backup radio share power bus	Power transient
RAVEN cluster	All drones use same GPS constellation	GPS denial attack
OUTPOST mesh	Two paths share single relay node	Relay failure
Cloud failover	Primary/secondary share DNS provider	DNS outage

Proposition 57 (Stress-Information Duality). The information content of a stress event is inversely related to its probability:

Rare failures teach the system far more than frequent ones — a once-per-year OUTPOST relay loss carries roughly ten times the learning signal of a daily packet hiccup.

$I(\text{failure}) = -\log_2 P(\text{failure})$

The proposition yields the information content (bits) of each stress event as $I = -\log_2 P(\text{event})$ ; parameter updates weighted by $I(\text{event})/I_{\max}$ after each stress event concentrate the adaptation budget on rare, high-information failures rather than distributing it uniformly across frequent low-information events. Reliable estimation of $P(\text{event})$ requires at least 30 (illustrative value) historical events per class; $I_{\max} = \log_2(1/P_{\min})$ normalizes against the rarest observed event type. A once-per-year partition carries approximately $3{-}5\times$ more learning signal than a daily hiccup, so update rules weighted by $I$ rather than event count produce proportionally faster calibration from rare stress events.

Physical translation. $I(\text{failure}) = -\log_2 P(\text{failure})$ is Shannon self-information — the number of bits needed to encode the surprise of seeing this event. A failure that occurs 50% of the time ($P = 0.5$) carries 1 bit: you already expected it. A failure that occurs 1-in-1000 times ($P = 0.001$) carries about 10 bits: the system’s model of the world was significantly wrong. The practical consequence: don’t spend equal engineering effort analyzing every alarm. Allocate analysis time proportional to $I$ — rare failures deserve $10\times$ more investigation than common ones.

Rare failures carry maximum learning value. A failure with probability $10^{-3}$ carries approximately 10 bits of information, while a failure with probability $10^{-1}$ carries only 3.3 bits.

Empirical status: The $3{-}5\times$ (illustrative value) weighting multiplier cited in the field note is a rule of thumb derived from logarithmic spacing of typical edge-system event frequencies; the exact ratio depends on the observed event-rate distribution of a specific deployment and should be calibrated from at least 30 events per class.

Stress events — failures, resource spikes, partition transitions — carry more information about system behavior than normal operation. Each failure teaches the anti-fragility layer something it couldn’t learn from steady-state observation. This is why fault injection (like FAILSTREAM’s chaos engineering) is a legitimate learning accelerant, not just a testing methodology.

Proof: Direct application of Shannon information theory. Self-information is defined as $I(x) = -\log P(x)$, which is the fundamental measure of surprise associated with observing event $x$.

Watch out for: the information measure assumes $P(\text{failure})$ is drawn from a stationary distribution — in adversarial settings, the adversary controls the jamming schedule and can drive $P(\text{failure})$ from $10^{-3}$ to $10^{-1}$ , halving Shannon surprise while increasing actual impact and causing the learning system to deprioritize its most dangerous threats; substitute the action-correlation CUSUM ( Definition 84 ) for real-time prioritization in contested environments, where the adversarial signature is correlation between defender actions and $Q$-changes rather than event rarity.

Corollary 6. Anti-fragile systems should systematically capture and analyze rare events, as these provide the highest-value learning opportunities per occurrence.

Watch out for: the information measure $I = -\log_2 P(\text{failure})$ treats stress events as drawn from a fixed marginal distribution, so measured information content is valid only in stationary environments; in adversarial settings where the adversary controls event frequency, the adversary can suppress $I$ to near zero by making harmful events common — making the most dangerous stress appear informationally cheap and therefore de-prioritized for learning, which is precisely the inverse of its actual learning value.

Design principle: Instrument stress events comprehensively. When things break, log system state immediately before failure, the sequence of events that led there, components involved in the cascade, recovery actions attempted and their results, and the final state after recovery or degradation.

This logging creates the dataset for post-hoc analysis and model improvement. The anti-fragile system treats every failure as a learning opportunity.

Partition Behavior Exposes Assumptions

Every distributed system embodies implicit coordination assumptions. Developers make them unconsciously; partition events test them empirically.

RAVEN ’s original design assumed: “At least one drone in the swarm has GPS lock at all times.” This assumption was implicit - no document stated it, but the navigation algorithms depended on it. During a combined partition-and-GPS-denial event, the assumption was violated. No drone had GPS lock. The navigation algorithms failed to converge.

Post-incident analysis documented the assumption and its failure mode. The anti-fragile response implemented three changes: GPS availability is now tracked explicitly (each drone reports GPS status; the swarm maintains a fleet-wide GPS availability estimate), fallback navigation using inertial navigation with terrain matching was added as a backup, and chaos engineering exercises now deliberately violate the assumption to test boundary conditions.

Commercial Application: FAILSTREAM Production Fault Injection

FAILSTREAM implements chaos engineering for a streaming service. Rather than waiting for production failures, FAILSTREAM deliberately injects failures - converting random stress into systematic learning.

Traditional reliability engineering minimizes failures. Chaos engineering, by contrast, induces failures in controlled conditions to discover failure modes before production incidents. The system learns from deliberate stress ( $\mathbb{A} > 0$ for induced failures) rather than only from accidental stress.

FAILSTREAM failure injection categories: The six rows below span process, availability zone, region, network, dependency, and state failure classes; the Learning Target column identifies the specific system behavior each injection is designed to exercise.

Category	Injection Method	Learning Target	Frequency
Instance failure	Terminate random compute instances	Auto-scaling, load balancing	Continuous (business hours)
Availability zone	Block traffic to entire AZ	Multi-AZ failover	Weekly
Region failure	Simulate region outage	Cross-region routing	Monthly
Network partition	Inject latency/packet loss	Timeout tuning, retry logic	Daily
Dependency failure	Block calls to downstream service	Circuit breakers, fallbacks	Continuous
State corruption	Inject invalid cache entries	Validation, recovery	Weekly

The improvement loop: Each chaos experiment follows a structured protocol; note that both paths (hypothesis confirmed and hypothesis refuted) feed back into new hypotheses, so every experiment contributes to learning.

    
    graph LR
    H["Form Hypothesis
'System handles X'"] --> E["Execute Experiment
Inject failure X"]
    E --> O["Observe Behavior
Metrics, logs, user impact"]
    O --> A{"Hypothesis
Validated?"}
    A -->|"Yes"| C["Confidence Increased
Document resilience"]
    A -->|"No"| F["Fix Discovered
Implement improvement"]
    F --> R["Re-run Experiment
Verify fix"]
    R --> C
    C --> H

    style H fill:#e3f2fd,stroke:#1976d2
    style F fill:#ffcdd2,stroke:#c62828
    style C fill:#c8e6c9,stroke:#388e3c

Anti-fragility coefficient derivation:

The chaos engineering anti-fragility coefficient $\mathbb{A}_{\text{chaos}}$ is the total reduction in mean time to recovery (MTTR) divided by the cumulative stress injected across all $N$ experiments, where $\text{MTTR}_0$ is the pre-program baseline and $\text{MTTR}_T$ is the post-program measured value.

$\mathbb{A}_{\text{chaos}} = \frac{\Delta \text{MTTR}}{N_{\text{exp}} \cdot \bar{\sigma}} = \frac{\text{MTTR}_0 - \text{MTTR}_T}{\sum_{i=1}^{N} \sigma_i}$

where $\sigma_i$ is the severity of experiment $i$ (dimensionless, 0–5 scale), and $\mathbb{A}_{\text{chaos}}$ has units of MTTR reduction per unit cumulative stress (minutes per stress-unit).

The assumption set $\mathcal{A}_{CE}$ requires: $A_1$ — each experiment reveals at most one hidden dependency; $A_2$ — fixes are independent (no regression); $A_3$ — MTTR improvement is additive per fix.

Under $\mathcal{A}_{CE}$ , the expected MTTR reduction is the product of the number of experiments, the per-experiment probability of discovering a fixable issue, and the average MTTR improvement each fix delivers.

$\mathbb{E}[\Delta \text{MTTR}] = N_{\text{exp}} \cdot P(\text{discover}) \cdot \bar{\Delta}_{\text{fix}}$

where $P(\text{discover})$ is the probability each experiment reveals a fixable issue and $\bar{\Delta}_{\text{fix}}$ is the average MTTR improvement per fix.

Utility improvement:

This formula gives the net gain from running the chaos experiment program: expected MTTR reduction converted to an availability dollar value, minus the cost of running each experiment.

$\Delta U = \mathbb{E}[\Delta \text{MTTR}] \cdot V_{\text{availability}} - N_{\text{exp}} \cdot C_{\text{experiment}}$

$\text{sign}(\Delta U) > 0$ when $P(\text{discover}) \cdot \bar{\Delta}_{\text{fix}} \cdot V > C_{\text{experiment}}$ - i.e., the expected value of discovery exceeds the cost of experimentation.

Stress-information capture architecture: FAILSTREAM captures maximum information from each experiment. The table below lists the six data categories recorded per experiment, the analytical purpose each serves, and how long each category is retained.

Data Captured	Purpose	Retention
Pre-experiment metrics baseline	Establish normal behavior	90 days
Experiment parameters	Reproducibility	Indefinite
System behavior during failure	Failure mode analysis	30 days
Recovery timeline and actions	MTTR analysis	Indefinite
User impact metrics	Severity assessment	Indefinite
Post-experiment metrics	Verify recovery	90 days

Graduated chaos: FAILSTREAM doesn’t start with region-level failures. The chaos engineering maturity model progresses:

The maturity levels progress from terminating individual instances at level 1 (minimal blast radius) through injecting network latency and packet loss at level 2, killing dependent services at level 3, availability zone failures at level 4, region-level exercises at level 5, and multi-region multi-failure compound scenarios at level 6. Each level must demonstrate resilience before progressing. This graduated approach ensures the system handles basic failures before facing complex ones — the same prerequisite structure as the autonomic capability hierarchy.

Edge parallel: FAILSTREAM demonstrates that anti-fragility principles apply beyond tactical edge systems. The same mathematical framework - convex response to stress, information extraction from failures, learning loops - applies to cloud infrastructure, with the chaos experiments serving as controlled stress events.

The pattern generalizes: each stress event converts one implicit assumption into an explicit one, paired with a fallback that handles future violations.

$\text{Implicit Assumption} + \text{Stress Event} \rightarrow \text{Explicit Assumption} + \text{Fallback Mechanism}$

Common implicit assumptions in edge systems include: “At least 50% of nodes are reachable at any time,” “Message delivery latency never exceeds 5 seconds,” “Power levels provide at least 30 minutes warning before failure,” “Adversaries cannot physically access hardware,” and “Clock drift between nodes stays below 100ms.”

Each assumption represents a failure mode waiting to be exposed. Anti-fragile architectures document assumptions explicitly (written down and placed in architecture documents), instrument assumption violations (logging when they are violated), test assumptions deliberately through chaos engineering to verify fallback behavior, and learn from violations by updating models and mechanisms when assumptions fail.

Recording Decisions for Post-Hoc Analysis

Autonomous systems make decisions. Anti-fragile autonomous systems log their decisions for later analysis. Every autonomous decision gets recorded with four elements: the context (what did the system know when it decided?), the options considered (what alternatives were evaluated?), the choice (what was selected and why?), and the outcome (what actually happened?).

This decision audit log enables supervised learning: we can train models to make better decisions based on the outcomes of past decisions.

OUTPOST faced a communication decision during a jamming event. SATCOM was showing degradation with 90% (illustrative value) packet loss. HF radio was available but with lower bandwidth. The autonomous system chose HF for priority alerts based on expected delivery probability: SATCOM at 10% (illustrative value), HF at 85% (illustrative value). Alerts were delivered via HF in 12 seconds (illustrative value). SATCOM entered complete denial 60 seconds (illustrative value) later, confirming jamming.

Post-incident analysis showed the HF choice was correct — SATCOM would have failed completely. This outcome reinforces the decision policy: “When SATCOM degradation exceeds 80% (illustrative value) and HF is available, switch to HF for priority traffic.”

The anti-fragile insight: overrides are learning opportunities. When human operators override autonomous decisions, that override carries information: either the autonomous decision was suboptimal and the model should be updated, or the autonomous decision was correct and the operator needs better visibility into system reasoning.

Both outcomes improve the system. Recording decisions and overrides enables this improvement loop.

Cognitive Map: The stress-as-information section reframes failure events from costs to assets. Proposition 57 provides the weighting function — allocate learning budget proportional to $-\log_2 P$ . The hidden-dependency discovery process (instrument comprehensively, document assumptions, inject deliberate chaos) is the operational implementation. FAILSTREAM demonstrates the commercial pattern: systematic fault injection produces a known dependency map and a measurable MTTR improvement. The Judgment horizon concept at the end establishes the boundary — some high-stakes decisions should route through human override, and those overrides themselves become learning data.

Adaptive Behavior Under Pressure

Under resource pressure, a system must decide what to drop, but design-time estimates of task importance are static — they cannot account for how actual mission context shifts which tasks matter most. Using a utility-per-cost priority function ( $\text{Priority}(t) = U(t) \cdot P(t) / C(t)$ ) to rank tasks for shedding addresses this: operational outcomes update the utility estimates over time — tasks that prove redundant in practice get lower utility scores; tasks that prove critical get higher ones. The degradation hierarchy itself becomes adaptive.

Dynamic re-tiering and adaptive utility estimates require a feedback loop that must be correct before the next stress event. An incorrect utility estimate learned from one context may be wrong in a different context — anti-fragile load shedding is only as good as the outcome labels it learns from.

Intelligent Load Shedding

Not all load is equal. Under resource pressure, systems must prioritize - dropping low-value work to preserve high-value work. The question is: what to drop?

Intelligent load shedding requires a utility function. For each task $t$, three values are needed: $U(t)$ (utility value if the task completes successfully), $C(t)$ (resource cost to complete the task), and $P(t)$ (probability of successful completion).

The shedding priority is the utility-per-cost ratio:

$\text{Priority}(t) = \frac{U(t) \cdot P(t)}{C(t)}$

Tasks with the lowest priority-to-cost ratio are shed first. Tasks are shed in ascending priority order until $R_{\text{available}} \geq R_{\text{required}}$ . If even shedding all non-critical tasks yields $R_{\text{available}} < R_{\mathcal{L}_0}$ , the system transitions to $\mathcal{L}_0$ survival mode regardless of task priorities.

RAVEN under power stress: the table shows five active tasks ranked by $\text{Priority}(t) = U(t) \cdot P(t) / C(t)$ , with the two lowest-priority tasks shed first to preserve mission-critical functions.

Task	Utility	Cost (mW)	Priority	Decision
Threat detection	100	500	0.20	Keep (mission-critical)
Position reporting	80	200	0.40	Keep (fleet coherence)
HD video recording	40	800	0.05	Shed (reconstructible)
Environmental logging	20	100	0.20	Keep until severe stress
Telemetry detail	10	150	0.07	Shed (summary sufficient)

The anti-fragile insight: stress reveals true priorities. Design-time estimates of utility may be wrong. Operational stress shows which tasks actually matter. After several stress events, RAVEN ’s utility estimates updated: HD video recording utility decreased because operators rarely used it, while environmental logging utility increased because it proved valuable for post-analysis.

The load shedding mechanism itself becomes anti-fragile : stress improves the accuracy of the shedding decisions.

Feature Degradation Hierarchies

Graceful degradation is well-established in reliable system design. The anti-fragile extension is to learn optimal degradation paths from operational experience.

The design-time degradation hierarchy for RAVEN maps each capability level to the minimum connectivity threshold $C$ that justifies it and the resource budget it consumes; operational learning subsequently revised several of these thresholds downward.

Level	Capability	Connectivity	Resource Budget
L4	Full capability: streaming video, ML analytics, prediction	$C \geq 0.8$	100%
L3	Summary reporting: compressed updates, basic analytics	$C \geq 0.5$	60%
L2	Threat alerts: detection only, minimal context	$C \geq 0.3$	35%
$\mathcal{L}_1$	Position beacons: location and status only	$C \geq 0.1$	15%
$\mathcal{L}_0$	Emergency distress: survival mode	Always	5%

Operational learning updates this hierarchy. After 30 days, the $\mathcal{L}_2$ threshold was adjusted from 0.3 to 0.25 (illustrative value) — the swarm proved $\mathcal{L}_2$ -capable at lower connectivity — the $\mathcal{L}_3$ resource budget was reduced from 60% to 45% (illustrative value) when optimization found more efficient algorithms, and a new intermediate level $\mathcal{L}_{2.5}$ emerged covering threat alerts with abbreviated context.

The degradation ladder itself adapts based on observed outcomes. If $\mathcal{L}_2$ alerts prove as effective as $\mathcal{L}_3$ summaries for operator decision-making, the system learns that $\mathcal{L}_3$ ’s additional cost provides insufficient marginal value. Future resource pressure will skip directly from $\mathcal{L}_4$ to $\mathcal{L}_2$ .

Quality-of-Service Tiers

Not all consumers of edge data are equal. QoS tiers allocate resources proportionally to consumer importance, forming a strict priority ordering from mission-critical traffic at the top to background logging at the bottom.

$\text{Tier 0 (Mission-Critical)} > \text{Tier 1 (Operational)} > \text{Tier 2 (Informational)} > \text{Tier 3 (Logging)}$

Resource allocation under pressure reserves a guaranteed minimum for Tier 0 (e.g., 40% of bandwidth), provides best-effort with priority for Tier 1 (e.g., 30%), best-effort for Tier 2 (e.g., 20%), and background preemptible capacity for Tier 3 (e.g., 10%).

Under severe pressure, Tier 3 is shed first, then Tier 2, and so on.

The anti-fragile extension: dynamic re-tiering based on context. CONVOY normally classifies sensor data as Tier 2 (informational). During an engagement, sensor data elevates to Tier 0 (mission-critical). This re-tiering happens automatically based on threat detection.

Learned re-tiering rules from operations: “When threat confidence exceeds 0.7 (illustrative value), elevate sensor data to Tier 0”; “When partition duration exceeds 300s (illustrative value), elevate position data to Tier 0”; “When reconciliation backlog exceeds 1000 events (illustrative value), demote logging to Tier 3.”

These rules emerged from post-hoc analysis of outcomes. The system learned which data classifications led to better mission outcomes under stress.

Cognitive Map: The adaptive behavior section shows anti-fragility applied to resource management. The load-shedding priority function turns task ranking into a single-objective decision. The degradation hierarchy maps connectivity thresholds to capability levels — stress events that force capability drops reveal which thresholds were set too conservatively. QoS tiers assign static priority but allow dynamic re-tiering when context changes. All three mechanisms share the same anti-fragile pattern: stress events update the parameters that govern future stress responses, making each successive resource-pressure event slightly better handled than the last.

Learning from Disconnection

Edge systems are deployed with design-time parameter estimates that may be wrong for actual operational conditions. A gossip interval tuned for normal traffic may be too slow under dense jamming and wasteful during clear conditions — static parameters cannot adapt. Framing parameter selection as a multi-armed bandit problem resolves this: each candidate parameter value is an “arm,” and the UCB algorithm balances exploitation (pick the arm with the best observed reward) against exploration (try less-tested arms to verify they aren’t better). In adversarial environments, EXP3 maintains permanent randomization to prevent convergence to a predictable strategy.

UCB converges to the optimal parameter in stationary environments — but convergence is exploitability in adversarial ones. EXP3’s minimax regret bound holds against oblivious adversaries; against fully adaptive adversaries, even EXP3 offers no unconditional guarantee. Choose the algorithm based on whether the environment is stochastic, oblivious-adversarial, or fully adaptive.

Online Parameter Tuning

Edge systems operate with parameters: formation spacing, gossip intervals, timeout thresholds, detection sensitivity. Design-time estimates set initial values based on analytical modeling and domain knowledge. Operational experience reveals conditions that differ from design-time assumptions.

Online parameter tuning adapts parameters based on observed performance. The mathematical framework is the multi-armed bandit problem [7] .

Parameter Tuning: Formal Decision Problem

The objective selects the parameter value $\theta^*$ that maximizes expected cumulative reward over $T$ rounds, where each round’s reward $r_t(\theta)$ reflects system performance (e.g., packet delivery rate) under the chosen parameter.

$\theta^* = \arg\max_{\theta \in \Theta} \mathbb{E}\left[\sum_{t=1}^T r_t(\theta)\right]$

where $r_t(\theta)$ is the reward from parameter value $\theta$ at time $t$.

Three constraints bound the optimization: the parameter must remain within designed operating limits ($g_1$), it must not change faster than the system can safely adapt ($g_2$), and each value must be explored a minimum number of times before being exploited ($g_3$).

$\begin{aligned} g_1: && \theta &\in [\theta_{\min}, \theta_{\max}] && \text{(parameter bounds)} \\ g_2: && \frac{d\theta}{dt} &\leq \dot{\theta}_{\max} && \text{(adaptation rate limit)} \\ g_3: && n_{\theta} &\geq n_{\min} \text{ before exploitation} && \text{(exploration requirement)} \end{aligned}$

Two equations track, for each candidate parameter value $\theta$, how many times it has been tried ($n_\theta$) and the running average reward ( $\hat{\mu}_\theta$ ), updated incrementally each round.

$\begin{aligned} n_{\theta}(t+1) &= n_{\theta}(t) + \mathbb{1}[\theta_t = \theta] \\ \hat{\mu}_{\theta}(t+1) &= \frac{n_{\theta}(t) \cdot \hat{\mu}_{\theta}(t) + r_t \cdot \mathbb{1}[\theta_t = \theta]}{n_{\theta}(t+1)} \end{aligned}$

At each round, the UCB decision rule selects the parameter $\theta$ that maximizes the sum of its estimated mean reward and an exploration bonus that decays as the parameter is tried more often.

$\theta_{t+1} = \arg\max_{\theta \in \Theta} \left[ \hat{\mu}_{\theta}(t) + c\sqrt{\frac{\ln t}{n_{\theta}(t)}} \right]$

UCB selects the arm with the highest empirical mean plus exploration bonus, making it effective only in stationary, non-adversarial environments — where its guarantee prevents greedy stagnation from permanently abandoning arms that accumulated early bad luck. The exploration coefficient $c$ trades convergence speed against exploration coverage: $c = 1.0$ (illustrative value) is the practical setting for finite-horizon edge deployments; $c = \sqrt{2} \approx 1.41$ (theoretical bound) is the value that guarantees the formal regret bound but assumes unlimited rounds, causing slower convergence when the mission horizon is bounded.

Consider gossip interval selection. The design-time value is 5s (illustrative value). But the optimal value depends on current conditions: dense jamming favors 3s (illustrative value) for faster anomaly propagation; clear conditions favor 8s (illustrative value) to conserve bandwidth without loss of awareness; marginal conditions keep 5s (illustrative value) as a balanced trade-off.

Discretization requirement — arms must be qualitatively distinct, not a fine grid: EXP3-IX [Neu, 2015] is a discrete bandit. Arms should represent qualitatively distinct operating regimes, not a fine grid over a continuous range. For short edge-mission horizons ($T \leq 2000$), $K \leq 8$ per tuned parameter keeps bandit regret from dominating. When precision requires $K > 16$ arms, use gradient descent or Bayesian optimization instead.

Discretization regret decomposition. When the true action space is continuous ( $\theta \in \Theta \subset \mathbb{R}$ ), discretizing to $K$ arms introduces two additive regret components:

\[R_{\text{total}} = R_{\text{bandit}} + R_{\text{disc}} = O!\left(\sqrt{TK\ln K}\right) + T \cdot B(\varepsilon)\]

where $\varepsilon = (\theta_{\max} - \theta_{\min})/K$ is the arm spacing and $B(\varepsilon) = \varepsilon \cdot |\partial r/\partial \theta|_{\max}$ is the per-round approximation error from picking the nearest arm instead of the true optimum.

These forces oppose: $R_{\text{bandit}}$ grows with $K$ (more arms = harder exploration), while $R_{\text{disc}}$ shrinks with $K$ (finer grid = less quantization loss). The gossip example above ($K = 3$: 3 s / 5 s / 8 s) is correct because the three values represent qualitatively distinct operating regimes (fast propagation, balanced, bandwidth-conserving), not a fine grid over $[3,8]$. Adding a fourth arm at 4 s would shrink $B(\varepsilon)$ by 25% while increasing $R_{\text{bandit}}$ by 40% at $T = 1000$ — a net loss.

Non-convex reward surfaces and the Valley of Death. The $R_{\text{disc}}$ formula is derived under a Lipschitz smoothness assumption — $B(\varepsilon) = \varepsilon \cdot |\partial r/\partial \theta|_{\max}$ is finite and bounded. If the reward surface is non-convex between arms — for example, a gossip interval of 4 s coincides with a TDMA frame boundary, causing systematic packet collisions — the local Lipschitz constant blows up and $R_{\text{disc}}$ is invalid.

More critically, EXP3-IX treats arms as independent random variables with no model of the reward surface between them. Implementation jitter bridges this gap in a dangerous way: a scheduler with 50 ms resolution selecting the “3 s arm” may occasionally execute at 3.4 s or 3.8 s, inadvertently sampling the inter-arm space. The contaminated reward is attributed to Arm 1 (3 s), not to the 4 s valley the jitter reached.

If both Arm 1 and Arm 2 (5 s) accumulate jitter-contaminated rewards, neither arm’s weight dominates decisively and the bandit oscillates between them — correctly, given the information it has, but for the wrong reason.

Three guards against valley contamination are required. The first is jitter-safe arm spacing: ensure the gap between adjacent arms exceeds the implementation’s timer jitter envelope — $|\theta_i - \theta_{i+1}| \gg 2\sigma_{\text{jitter}}$ . For RAVEN’s 5 s MAPE-K tick with 50 ms scheduler resolution, $\sigma_{\text{jitter}} \approx 100\,\text{ms}$ (2-sigma); the 3 s / 5 s / 8 s arms have gaps of 2 s and 3 s — $10\text{–}15\times$ the jitter envelope, providing isolation. A 3 s / 4 s arm pair with 1 s gap would be jitter-unsafe. The second is a pre-flight resonance scan: before deployment, measure reward at each arm candidate and at the midpoints. If any midpoint reward falls more than $\delta_{\text{valley}}$ below both neighbors (a practical threshold is $\delta_{\text{valley}} = 0.15$ in normalized reward units), the inter-arm space contains a valley — adjust arm placement to move both neighbors away from it, not toward it. The third is per-arm variance monitoring: if $\widehat{\mathrm{Var}}[r \mid a_i] > 3 \cdot \mathrm{median}_j\bigl(\widehat{\mathrm{Var}}[r \mid a_j]\bigr)$ , arm $i$ has anomalously high reward variance — the signature of jitter contamination from an inter-arm valley. Flag this arm for spacing review; do not suppress it in the bandit (that would introduce selection bias) but do widen its gap before the next deployment.

The 3 s / 5 s / 8 s arm design satisfies all three guards simultaneously: jitter-isolated, no known LoRa or MANET collision resonances between them, and empirically validated uniform variance in RAVEN pre-flight testing.

Proposition 58 ( UCB Regret Bound). The Upper Confidence Bound ( UCB ) algorithm achieves sublinear regret [5] :

Under-tested healing actions always get a bonus exploration pull, so RAVEN ’s gossip-interval bandit keeps probing alternatives rather than locking in prematurely.

$\text{UCB}(a) = \hat{\mu}_a + c\sqrt{\frac{\ln t}{n_a}}$

where $\hat{\mu}_a$ is the estimated reward for arm $a$, $t$ is total trials, and $n_a$ is trials for arm $a$. The cumulative regret is bounded by:

$R_T = O\left(\sqrt{T \cdot K \cdot \ln T}\right)$

The bound certifies UCB suitability by comparing $O(\sqrt{T \cdot K \cdot \ln T})$ against a mission’s acceptable regret budget; it does not hold in adversarial settings, where EXP3-IX ( Definition 81 ) applies instead. Per-round regret decreases as $\sqrt{1/T}$ — UCB keeps improving over the mission horizon, so the average cost per round shrinks monotonically while static policies incur a constant regret rate.

Physical translation: The UCB score $\hat{\mu}_a + c\sqrt{\ln t / n_a}$ has two parts. $\hat{\mu}_a$ is the arm’s track record — average reward so far. The second term is the exploration bonus — large when $n_a$ is small (under-tested arm, bonus is high) and shrinking as the arm accumulates trials. An arm with average reward 0.7 tried 5 times scores $0.7 + c \cdot 0.77$ at round $t = 100$. An arm with average reward 0.75 tried 50 times scores $0.75 + c \cdot 0.24$. At $c = 1$, the more-tested arm scores 0.99 vs. 1.47 — UCB selects the under-tested arm. Once both arms are similarly explored, the higher-mean arm wins permanently.

What this means in practice: The UCB exploration strategy guarantees that over time, the arm-selection policy converges toward the optimal. The regret bound tells you how much “learning cost” you incur during exploration — and it grows as $O(\sqrt{T})$ , meaning the average per-round cost decreases. For 1000 decision rounds, the total regret is bounded by roughly 45 times the per-action cost of a wrong choice.

where $K$ is the number of arms. This guarantees convergence to the optimal arm as $T \rightarrow \infty$.

Note: The $O(\sqrt{TK\ln T})$ form above is UCB ’s stochastic regret bound in the worst case over arm gaps. UCB1’s classical instance-dependent bound is $O\!\left(\sum_{k: \Delta_k > 0} \frac{\ln T}{\Delta_k}\right)$ where $\Delta_k = \mu^* - \mu_k$ is the suboptimality gap — tighter when gaps are large, looser when arms are nearly equal.

The adversarial minimax regret bound ( EXP3 ) replaces $\ln T$ with $\ln K$, giving $O(\sqrt{TK\ln K})$ ; see the EXP3 section below.

Comparability caveat: UCB1’s total regret bound $O(\sqrt{TK \ln T})$ is derived under stochastic reward assumptions; EXP3-IX’s adversarial bound $O(\sqrt{TK \ln K})$ holds against any adaptive adversary. These bounds are not directly comparable without specifying the reward model: under stochastic reward assumptions UCB1 achieves the tighter gap-dependent bound $O(K \ln T / \Delta)$, while EXP3-IX’s minimax bound applies even when UCB1 gives no guarantee.

The minimax comparison: EXP3-IX’s adversarial bound exceeds UCB1’s stochastic bound when the environment is benign, but EXP3-IX provides guarantees in adversarial regimes where UCB1 does not.

Proof sketch: The UCB term ensures each arm is tried $O(\ln T)$ times. The regret from suboptimal arms scales as $\sqrt{T \ln T / K}$ per arm, giving total regret $O(\sqrt{TK \ln T})$ . Select the arm with highest UCB . This naturally explores under-tried arms while exploiting high-performing arms.

Operational acceptability — when is the regret budget acceptable? For RAVEN with $T = 1000$ decisions and $K = 5$ arms: $R \approx \sqrt{1000 \cdot 5 \cdot \ln 1000} \approx 263$ regret units. If total mission utility is 1000 units, regret is approximately 26% — meaning the system operates at 74% of optimal during the learning phase. This is acceptable when the learned policy will govern future missions; it is unacceptable for single-use deployments.

Rule of thumb: regret $< 10\%$ of mission utility requires either (a) warm-start priors ( Definition 82 ) that cut effective $T$ by $N_q$ virtual observations, or (b) reducing $K$ until the bound is satisfied. RAVEN with warm-start ($N_q = 921$ virtual observations) reduces effective $T$ to 79 rounds, cutting regret by 70%.

UCB validity boundary. UCB assumes a stochastic stationary environment. In adversarial or non-stationary conditions — jamming, progressive rotor degradation, or post-partition reconnect — its regret guarantee does not hold. When any of these conditions apply, do not use UCB: switch to EXP3-IX ( Definition 81 ).

UCB failure modes. UCB ( Proposition 58 ) assumes arm reward distributions are fixed over the mission horizon. This assumption breaks when jamming causes an adversary to adaptively shift the reward distribution of preferred arms, when non-stationary faults such as rotor degradation progressively change which action is optimal, or when post-partition reconnect invalidates pre-partition UCB estimates — in that case, HLC reconciliation ( Definition 63 ) and Drift-Quarantine checks ( Definition 64 ) must complete before restoring EXP3-IX arm weights from the pre-partition checkpoint, as restoring weights earlier biases the bandit toward actions calibrated to a stale fleet state.

If UCB is already deployed and the environment turns adversarial mid-mission, the warm-start prior collapse detector ( Definition 82 ) will signal the transition; initiate an EXP3-IX restart with uniform weights at that point.

Bayesian confidence floor. For any Bayesian-adjacent component (UCB, warm-start prior), define an explicit confidence floor $\varepsilon_\text{conf}$. When posterior uncertainty (inverse confidence) exceeds $1/\varepsilon_\text{conf}$, the component is outside its validity envelope: escalate to EXP3-IX or contribute a low-confidence signal to $\Psi(t)$. The bandit cannot become a silent failure mode — it always declares its own uncertainty, closing the loop to the handover trigger in The Constraint Sequence and the Handover Boundary.

Empirical status: The $O(\sqrt{TK \ln T})$ bound is a worst-case theoretical guarantee from Auer et al. (2002); real UCB performance on edge mission profiles typically falls well below this ceiling when arm reward gaps are large, and the 26% figure for RAVEN at $T=1000$ is illustrative for $K=5$ equal-gap arms — actual regret depends on the gap distribution measured in field trials.

Watch out for: the $O(\sqrt{TK \ln T})$ bound is derived under the assumption that each arm’s reward distribution is fixed and independent of the algorithm’s history; an adversary who observes arm selection frequencies can target the arm UCB is converging toward, shifting its reward distribution downward and forcing UCB to re-converge — producing regret that grows linearly in $T$ rather than sub-linearly, with no bound of the form $O(\sqrt{T})$ provable in adversarial regimes regardless of how large $T$ grows.

Game-Theoretic Extension: Adversarial Bandits and EXP3

Proposition 58 achieves $O(\sqrt{TK\ln T})$ regret against an oblivious adversary whose reward distributions are fixed regardless of the system’s strategy. Against an adaptive adversary who observes the system’s parameter estimates and counter-adapts, UCB provides no regret guarantee [8] .

The convergence-vulnerability trade-off: As UCB converges to the optimal gossip interval $\lambda^* = 3$s, the adversary learns this and switches to a jamming pattern invisible at 3s but detectable at 5s intervals. UCB then converges to 5s - and the adversary switches again. Convergence is exploitability.

EXP3 (Exponential Weights for Exploration and Exploitation): Against an oblivious adversary, EXP3 achieves a minimax regret bound that depends on $\ln K$ (the log of the number of arms) rather than $\ln T$, making it tighter when many rounds are played [7] .

$R_T^{\text{EXP3}} \leq O\!\left(\sqrt{TK \ln K}\right)$

The proposition gives the minimax regret bound $O(\sqrt{T \cdot K \cdot \ln K})$ against an adaptive adversary — the guarantee that UCB’s $O(\ln T)$ stochastic bound cannot provide when rewards are adversarially selected. For CONVOY with $K = 8$ (illustrative value) arms and $T = 1000$ (illustrative value) mission rounds, the bound evaluates to approximately 188 (theoretical bound under illustrative parameters) regret units. The $\sqrt{K \ln K}$ factor grows faster in $K$ than UCB’s $\sqrt{K \ln T}$ factor, so arm counts above 16 (illustrative value) impose disproportionate regret costs on short-horizon tactical missions.

EXP3 maintains permanent exploration by updating each arm’s weight $w_i$ multiplicatively: arms that received higher importance-weighted reward $\hat{r}_i / p_i$ grow faster, but no arm’s weight collapses to zero because the minimum selection probability $\gamma/K$ is always maintained.

$w_i(t+1) = w_i(t) \cdot \exp\!\left(\eta \cdot \frac{\hat{r}_i(t)}{p_i(t)}\right)$

Physical translation: The weight update $w_i \leftarrow w_i \cdot \exp(\eta \hat{r}_i / p_i)$ is multiplicative — arms with good recent rewards grow their weights exponentially while arms with poor rewards shrink proportionally. The importance-weighting $\hat{r}_i / p_i$ corrects for the selection probability: if arm $i$ was only chosen 5% of the time ($p_i = 0.05$), its observed reward is scaled up by $20\times$ to get an unbiased estimate of what it would have returned if chosen more often. The $\gamma/K$ floor ensures that even the weakest arm retains a minimum probability — the adversary can never learn that the system has permanently abandoned any arm, preventing exploitation of any deterministic pattern.

where $\hat{r}_i(t) = r_i(t) \cdot \mathbb{1}[I_t = i] / p_i(t)$ is the importance-weighted reward and $p_i(t) = (1-\gamma) w_i(t)/\sum_j w_j(t) + \gamma/K$ maintains minimum exploration probability $\gamma/K > 0$ on all arms permanently.

The anti-fragility connection: UCB ’s convergence to a single arm is fragile in adversarial settings - it creates a predictable target. EXP3 ’s regret bound holds against an oblivious adversary — one who fixes their strategy before the game begins. Against a fully adaptive adversary who responds to algorithm outputs, EXP3 ’s minimax bound still holds as a worst-case guarantee over all oblivious strategies, but cannot match an adversary who observes selections and responds in real time. EXP3 ’s maintained randomization is genuinely anti-fragile : its performance improves relative to the adversary’s best fixed strategy as $T \to \infty$.

Practical implication: For all UCB applications in contested environments - gossip interval tuning (Self-Measurement Without Central Observability), healing action selection (Self-Healing Without Connectivity) - replace UCB with EXP3 . EXP3 is a drop-in replacement with the same interface; only the weight update rule changes. Use UCB only for non-adversarial commercial applications ( ADAPTSHOP discount optimization, PREDICTIX threshold tuning) where the adversary assumption does not apply.

From Stochastic to Adversarial: When the Environment Plays Back

The healing control loop in Self-Healing Without Connectivity assumes the environment is stochastic: connectivity fails at known statistical rates (Weibull model, Definition 13 ), sensor anomalies arrive at calibrated rates $\lambda_{\text{drift}}$, and healing actions succeed or fail according to fixed probability distributions. Against this backdrop, Upper Confidence Bound (UCB) exploration is optimal [5] — it balances exploitation of known-good actions with exploration of potentially better alternatives [9] , achieving $O(\sqrt{T \ln T})$ regret.

This assumption breaks when the environment responds to your actions. An adaptive jammer that intensifies RF interference exactly when a drone swarm selects its historically-reliable frequency band is not stochastic — it is adversarial. A spoofing attack that targets the swarm’s predicted recovery path after observing prior recoveries is not a random process. In these cases, UCB fails: exploiting a known-good action signals to the adversary which action to block next.

The deployment decision rule works as follows. By default, assume stochastic and use the gossip-protocol healing loop from Self-Healing Without Connectivity — lower overhead, near-optimal under i.i.d. failure. Switch to adversarial mode (EXP3-IX below) after the Adversarial Non-Stationarity Detector ( Definition 84 ) fires for two consecutive detection windows, or during pre-mission threat assessment when adaptive interference is part of the operational environment — e.g., RAVEN operating in contested EW airspace, CONVOY in active jamming corridors. Switch back when the non-stationarity detector clears for 30 (illustrative value) continuous minutes, reverting to the stochastic model to reduce overhead ( Definition 29 , Autonomic Overhead Budget).

The formal adversarial model follows. (The Adversarial Markov Game formalizing this model is Definition 80 below; readers may skip ahead to it for the formal structure.)

From Stochastic to Adversarial: The Markov Game

The gap identified above — EXP3 ’s bound holds against oblivious adversaries but not adaptive ones — motivates formalizing what “adaptive adversary” means in the connectivity regime model. The CTMC (Def 3) represents the environment as a fixed generator matrix $Q$. When the adversary is adaptive, $Q$ is not fixed: the adversary sets it depending on what the defender does.

During RAVEN ’s reconciliation phase (3–36 s after a partition heals), gossip -interval selections are observable to an adversary monitoring RF patterns. Self-measurement confidence is lowest in this window — an adaptive adversary times the next jamming strike for this exact moment. The CTMC cannot model this because $Q$ is not a property of the environment alone; it is a function of both defender and adversary choices.

Variable disambiguation — $\gamma$ in this section. Four mechanisms in this article share the symbol $\gamma$ with incompatible ranges. The Def 63 inflation factor is renamed $\gamma_{\text{infl}}$ to prevent collision with Def 32’s value-function discount factor ($\gamma_V \in (0,1)$ is incompatible with $\gamma > 1$).

Symbol	Role	Constraint	Definition
$\gamma_V$ (Def 32)	Value-function discount factor in infinite-horizon value function	$\gamma_V \in (0,1)$	Definition 80
$\gamma$ (EXP3 standard)	Additive mixture with uniform distribution: probability floor = $\gamma/K$ per arm (distinct from EXP3-IX’s denominator-floor mechanism)	$\gamma/K$ = minimum arm probability	From Stochastic to Adversarial: The Markov Game
$\gamma$ (Def 33, EXP3-IX)	Implicit exploration floor in IX estimator	$\gamma = \eta\sqrt{K/2}$	Definition 81
$\gamma_{\text{infl}}$ (Def 63)	CUSUM exploration-rate inflation factor	$\gamma_{\text{infl}} > 1$	Definition 90
$\gamma(\sigma)$	Semantic convergence factor	Why Edge Is Not Cloud Minus Bandwidth, Definition 5b	$\gamma(\sigma) \in [0,1]$; measures fleet-wide semantic alignment

(Additional $\gamma$ subscripts: $\gamma_s$ = staleness decay rate; $\gamma_\text{rbf}$ = RBF kernel bandwidth; $\gamma_\text{cf}$ = conflict fraction in fleet coherence; $\gamma_\text{FN}$ = false-negative cost ratio. Bare $\gamma$ without subscript is not used in this article.)

Definition 80 (Adversarial Markov Game). ($\gamma_V$ here is the Markov game discount factor, distinct from the EXP3-IX implicit exploration floor $\gamma$ in Definition 81 and the CUSUM inflation factor $\gamma_{\text{infl}}$ in Definition 90.) An adversarial connectivity game is a 6-tuple $\mathcal{G} = (S, A, B, Q, R, \gamma_V)$ where:

$S = \{C, D, I, N\}$ — connectivity regimes ( Definition 6 )
$A$ — $K$ defender actions (healing responses, bandit arms)
$B$ — adversary action set (jamming intensities, timing windows)
$Q: A \times B \to$ generator matrices — the CTMC generator when defender plays $a \in A$ and adversary plays $b \in B$
$R: S \times A \times B \to \mathbb{R}$ — per-step mission throughput reward
$\gamma_V \in (0,1)$ — discount factor ($\gamma_V \in (0,1)$ is the value-function discount factor; distinct from the EXP3-IX exploration floor $\gamma$ in Definition 81 ); adversary plays adaptive policy $\tau_t = \tau(h_t)$ where $h_t$ is the full defender action history

The security value is:

$V^* = \max_{\sigma:\, S \to \Delta(A)}\; \min_{\tau}\; \mathbb{E}\!\left[\sum_{t=0}^{\infty} \gamma_V^t R(s_t, a_t, b_t) \,\Big|\, s_0\right]$

where $\sigma$ is the defender’s mixed (randomized) policy and $\tau$ ranges over all adaptive adversary strategies. (Disambiguation: $\tau$ here denotes an adversary strategy mapping; it is distinct from $\tau_{\text{ref}}$ (the adaptive refractory backoff period in Definition 48 ) and from $\tau(a)$ (the stochastic transport delay in Definition 89 of this article). Where needed, adversary strategies are written $\tau_{\text{adv}}$ .)

(Scope: The adversarial Markov Game model applies during active jamming or sensor-spoofing scenarios where failure is intentional and correlated with defender actions. During normal partition — where failure is environmental rather than intentional — the cooperative gossip model applies and achieves higher utility because nodes benefit from sharing state. The two models are not in conflict: use the adversarial MAB during contested operations, cooperative gossip during uncontested isolation.)

In practice, this means: rather than treating connectivity failures as random events with fixed rates, the adversarial model treats them as deliberate choices by an opponent who watches what the defender does and picks the jamming pattern most likely to cause harm — forcing the defender to respond with randomized rather than predictable policies.

Physical translation: The security value $V^*$ is the mission throughput the swarm guarantees regardless of adversary tactics. The max-min structure: the swarm first commits to a randomized policy $\sigma$; the adversary — knowing $\sigma$ — chooses the worst-case response $\tau$. $V^*$ is what the swarm can deliver given that the adversary plays optimally against it. The discount factor $\gamma_V \in (0,1)$ ensures a swarm that survives 30 days at moderate performance is valued over one that performs perfectly for 3 days and then collapses. For RAVEN, $V^*$ provides the formal lower bound on mission throughput that EXP3-IX approaches as rounds increase.

Proposition 59 (Deterministic Policies Are Dominated). For any pure (deterministic) policy $\pi_D: S \to A$ , there exists an adversary strategy $\tau^*$ such that $V(\pi_D, \tau^*) < V^*$. The minimax mixed policy $\sigma^*$ achieves $V^*$ under all adversary strategies. ($\sigma^*$ here is the minimax mixed strategy; unsubscripted $\sigma$ throughout this article is stress magnitude in $[0, \sigma_{\max}]$ .)

A jammer who learns RAVEN always re-meshes on the same schedule can time its next burst to land exactly then — randomizing the recovery action closes that window.

Proof. By the minimax theorem (von Neumann, 1928) for finite $S, A, B$:

$\max_{\sigma}\, \min_{\tau}\, V(\sigma, \tau) = \min_{\tau}\, \max_{\sigma}\, V(\sigma, \tau) = V^*$

Any pure $\pi_D$ is a degenerate mixed policy, so $V(\pi_D, \tau) \leq V^*$ for all $\tau$. Strict inequality holds when the adversary observes the deterministic recovery action and can exploit the predictable response window — e.g., scheduling the next jamming burst during the fixed interval RAVEN uses to re-establish mesh topology. $\square$

Note: Although Definition 80 ’s adversary plays an adaptive (history-dependent) strategy, the minimax theorem applies via reduction to the normal-form game: for two-player zero-sum games, the normal-form minimax value equals the extensive-form value (Osborne & Rubinstein, 1994). The reduction is standard; the sequential game’s value equals that of the simultaneous-move matrix game formed by treating all strategies as behavioral strategy profiles.

Operational consequence: $\sigma^*$ assigns positive probability to all $K$ healing actions. The adversary cannot predict the exact response action and cannot exploit any specific recovery window. This is the formal justification for EXP3 ’s permanent randomization in contested environments.

Watch out for: the minimax theorem establishes existence of $\sigma^*$ but not its computability from a finite observation record; in practice, the adversary observes a finite sample of actions and infers the mixed-strategy probabilities from that — meaning a mission with small $T$ gives the adversary insufficient data to identify $\sigma^*$, but also gives EXP3-IX insufficient data to have converged to it, so both the guarantee and the vulnerability are weaker than the asymptotic theorem implies for short missions.

EXP3-IX: Optimal Response Under Adaptive Adversaries

Standard EXP3 uses importance-weighted estimator $\hat{r}_i(t) = r_i(t) \cdot \mathbf{1}[I_t = i] / p_i(t)$ with variance $\mathrm{Var}[\hat{r}_i] \leq 1/p_i^2$ . An adaptive adversary who observes action probabilities can manipulate $p_i$ to be small — driving variance to explode and breaking EXP3 ’s martingale analysis. The Implicit eXploration (IX) estimator bounds this by adding $\gamma$ to the denominator.

Definition 81 ( EXP3-IX Algorithm). EXP3 with Implicit eXploration uses parameters $\eta = \sqrt{2 \ln K / (TK)}$ and $\gamma = \eta\sqrt{K/2}$ . The IX estimator replaces the standard importance-weighted estimate:

In practice, this means: the $\gamma$ term in the denominator prevents any arm’s selection probability from collapsing to zero, ensuring the swarm never completely stops exploring any healing action — so a jammer who waits for the system to commit to a predictable pattern will wait forever.

$\hat{r}_i^{\mathrm{IX}}(t) = \frac{r_i(t) \cdot \mathbf{1}[I_t = i]}{p_i(t) + \gamma}$

Weights and selection probabilities update as:

$w_i(t+1) = w_i(t) \cdot \exp\!\left(\eta \cdot \hat{r}_i^{\mathrm{IX}}(t)\right), \qquad p_i(t) = \frac{w_i(t)}{\sum_{j=1}^K w_j(t)}$

The update rule corrects for selection-probability bias via importance weighting, applied after every MAPE-K tick outcome; without the denominator floor $\gamma$, importance weights for rarely-selected arms explode toward the float32 overflow boundary on embedded hardware. The learning rate is $\eta = \sqrt{2 \ln K / (TK)}$ , with $\gamma$ set to the same order as $\eta$. The explicit upper bound $1/\gamma$ must be enforced at each weight update on embedded hardware — without it, silent overflow corrupts the weight vector without triggering any detectable arithmetic exception.

Physical translation: The weight update $w_i \leftarrow w_i \cdot \exp(\eta \cdot \hat{r}_i^{\mathrm{IX}})$ is a multiplicative reputation system: arms that produce high reward get heavier weights and are selected more often; arms that fail get lighter weights and are selected less. The $\gamma$ floor in the denominator prevents any arm’s selection probability from collapsing to zero — no arm is ever permanently abandoned, which prevents a determined adversary from “freezing out” an arm and then springing it as a trap when the swarm’s weights have converged elsewhere.

Compute Profile: CPU: $O(K)$ per decision round — one importance-weight computation, one weight update, one softmax normalization, all linear in arm count $K$ . Memory: $O(K)$ — one weight scalar per arm. Beyond $K = 8$ the exploration overhead begins to dominate exploitation gains at edge-mission time horizons (see Operational Envelope below).

Analogy: A chef trying recipes in a kitchen where ingredients secretly change quality — they track which recipes worked recently, give all recipes a small exploration chance, and rebalance when a recipe stops working.

Logic: Each arm’s importance-weighted reward estimate corrects for selection-probability bias; exponential weight updates preserve the minimax regret bound against any adaptive adversary.

    
    flowchart TD
    A[Observe connectivity context] --> B[Prune arm set
remove arms requiring higher connectivity]
    B --> C[Sample arm i
proportional to weights]
    C --> D[Execute action i]
    D --> E[Observe reward clipped to safety range]
    E --> F[Compute importance weight]
    F --> G[Update weight via EXP3-IX rule]
    G --> H{Prior collapse?
max w / sum > psi}
    H -->|No| A
    H -->|Yes Tier 1| I[Inject random walk eps=0.05]
    I --> A
    H -->|Yes Tier 3| J[Full reset: uniform weights]
    J --> A

No forced exploration floor is required — the implicit $\gamma$ bias in the estimator alone bounds regret. EXP3-IX is a drop-in replacement for EXP3 : same weight structure, same selection rule; only the estimator changes.

Note on K in this formula. The relationship $\gamma = \eta\sqrt{K/2}$ uses the static K from algorithm initialization (total number of arms). When the effective arm set $K_\text{eff}$ varies dynamically ( Definition 83 ), $\gamma$ remains fixed from initialization to prevent destabilizing weight oscillations. The static K is the upper bound on arm count; $K_\text{eff} \leq K$ at all times.

Note: this bound uses $K$ (total arm count) rather than $K_\text{eff}$ (active arm count under the connectivity-pruned set). In the connected regime where $K_\text{eff} = K$, the bound is tight. In denied regime ($K_\text{eff} = 3$), the bound with $K = 5$ is conservative by a factor of $\sqrt{5/3} \approx 1.29$ . A tighter bound using $K_\text{eff}$ throughout would reduce the conservative factor but require tracking regime-specific arm counts in the regret analysis.

Proposition 60 ( EXP3-IX Regret Bound). With optimal $\eta$ and $\gamma$ as in Definition 81:

Even against a jammer watching every RAVEN arm selection, the swarm’s cumulative learning cost grows as the square root of mission rounds — the adversary cannot prevent convergence.

$R_T^{\mathrm{IX}} \leq 2\sqrt{T K \ln K} = O\!\left(\sqrt{T \ln T}\right)$

since $K \leq T \Rightarrow \ln K \leq \ln T$ . This bound holds against fully adaptive adversaries where $r_i(t)$ may depend on past action probabilities $\{p_j(s)\}_{s < t}$ .

Proof sketch. The second moment of the IX estimator satisfies $\mathbb{E}[(\hat{r}_i^{\mathrm{IX}})^2] \leq 1/\gamma$ (bounded because $p_i(t) + \gamma \geq \gamma$ always). A potential function $\Phi_t = \sum_i w_i(t)$ satisfies a standard recursion; summing over $t$ and optimizing $\eta, \gamma$ jointly yields $R_T^{\mathrm{IX}} \leq (\ln K)/\eta + \eta TK/(2\gamma) = 2\sqrt{TK \ln K}$ . $\square$

RAVEN calibration ($K = 5$ (illustrative value) healing actions, $T = 1000$ (illustrative value) decision rounds): $\eta \approx 0.018$, $\gamma \approx 0.028$; minimum arm probability $p_i \geq 0.12$ (no arm collapses to zero). Regret $R_T^{\mathrm{IX}} \leq 180$ (theoretical bound) rounds — an 18% (illustrative value) “cost of unpredictability” — meaning the adversary cannot exploit any recovery window regardless of their observation capability.

Physical translation: $O(\sqrt{TK \ln K})$ regret means: over a 4-hour RAVEN mission with $T = 1000$ (illustrative value) decision rounds and $K = 5$ (illustrative value) healing actions, the worst-case cumulative regret is bounded at 180 (theoretical bound) rounds — 18% (illustrative value) of decisions are sub-optimal compared to the best fixed action in hindsight. Crucially, this holds even against an adversary who can observe every arm selection and adapt their jamming in response. The $\sqrt{T}$ growth means per-round regret shrinks as $1/\sqrt{T}$ — the swarm keeps improving over the mission, and the adversary’s exploitation window closes with every decision round.

$K = 5$ design rationale — action classes, not parameter grid points: The five arms in the RAVEN calibration are $k_N$ shape, gossip fanout, MAPE-K tick rate, anomaly threshold, and cross-cluster priority. Each arm selects a qualitatively distinct resource allocation profile — not a point on a continuous scale for a single parameter. Fine-grained parameter tuning (e.g., choosing among 20 (illustrative value) values of $k_N \in [0.5, 3.0]$) would require $K \gg 8$, which at $T = 1000$ (illustrative value) rounds would push $R_{\text{bandit}} = 2\sqrt{1000 \cdot 20 \cdot \ln 20} \approx 546$ (theoretical bound) — a 54% (illustrative value) loss rate that makes the bandit undeployable. The regret bound in Proposition 60 ($R_T^{\mathrm{IX}} \leq 180$ (theoretical bound) at $K = 5$ (illustrative value)) is achievable precisely because each arm encodes a coarse qualitative choice with large reward differences between classes. Continuous parameter tuning within a class is delegated to static lookup tables calibrated offline — EXP3-IX selects which regime to operate in; the regime’s parameter values are pre-optimized. This is the correct division of responsibility at edge-mission horizons.

Empirical status: The bound $R_T^{\mathrm{IX}} \leq 180$ for RAVEN ($K=5$, $T=1000$) is a worst-case theoretical ceiling; observed regret in RAVEN simulation trials runs 40–70% below this bound because arm reward gaps are not worst-case equal, and the figure scales with arm count and horizon length for other deployment profiles.

Watch out for: the $O(\sqrt{TK \ln K})$ bound scales as $\sqrt{K}$ in arm count, so a deployment that increases $K$ from 5 to 20 arms quadruples the regret constant without changing the mission horizon — an arm-count increase that appears to add decision flexibility in fact makes the bound vacuous at short mission durations, and the correct design discipline is to pre-commit arm granularity from the regret budget before selecting the number of arms rather than adding arms and then checking whether the bound is satisfied.

Adversarial Regret Model: Operational Envelope. The $O(\sqrt{T})$ regret bound of Proposition 60 holds under the following conditions. Network jitter $< 2\sigma_{\text{jitter}}$ where $\sigma_{\text{jitter}}$ is the transport delay std from Definition 37 in Self-Healing Without Connectivity: at jitter above 200 ms (95th percentile), the delayed-feedback buffer ( Definition 69 ) overflows and regret guarantees degrade to $O(T^{2/3})$ rather than $O(\sqrt{T})$ . Packet loss $< 15\%$ : above this threshold, the reward signal becomes too sparse for UCB-style exploration to converge within the decision horizon. Non-stationarity rate $\lambda_{\text{change}} < 0.1 \text{ Hz}$ : faster environment changes require the Emergency Reset Protocol (see below). Arm count $K \leq 8$ : beyond 8 arms, the exploration overhead dominates exploitation gains at the time scales available on ARM edge hardware.

Warm-Start and Contextual Extensions

The Proposition 60 bound scales as $2\sqrt{TK \ln K}$ from a cold-start with uniform weights $w_i(0) = 1/K$ . In the first $O(K)$ rounds the algorithm is effectively blind — it explores each arm roughly uniformly before weights diverge. For a fast tactical shift (jamming onset, terrain blackout), these early sub-optimal rounds are the most dangerous: the healing action chosen during the learning phase must be safe even when the policy has not yet converged. Two structural improvements address this without weakening Proposition 60 ’s adversarial guarantee:

The first improvement is a warm-start prior: weights are initialized from the current capability level $q$ to concentrate exploration on actions known feasible and effective at the current resource state. This follows the principle of using prior knowledge to accelerate online learning, analogous to transfer learning in federated settings [10] . The second is a connectivity-pruned arm set: $C(t)$ is used as side information to eliminate arms that are physically infeasible given current connectivity, reducing the active arm count $K_{\text{eff}}(t) \leq K$ and shrinking the regret constant accordingly (formally defined as Definition 83 : Connectivity-Pruned Contextual Arm Set, below; active arm count is 3/4/5 for Denied/Degraded/Connected regimes respectively).

Definition 82 (Capability-Hierarchy Warm-Start Prior). For each capability level $q \in \{0,1,2,3,4\}$ , define a prior weight vector $\mu^{(q)} \in \Delta^{K-1}$ encoding the expected relative utility of each arm given the system’s current resource state. The warm-start initialization replaces the cold-start $w_i(0) = 1$ with:

$w_i(0;\, q) = \exp\!\bigl(\eta_0 \cdot N_q \cdot \mu_i^{(q)}\bigr)$

where $\eta_0$ is the operational learning rate ( Definition 81 ) and $N_q$ is the number of virtual observations the prior is worth — calibrated offline. This is equivalent to having pre-observed $N_q$ rounds in which arm $i$ produced reward $\mu_i^{(q)}$ per round.

MAPE-K dependency: the $N_\text{mape}$ signal (MAPE-K loops executed per tick, used in the warm-start weight calibration) requires the MAPE-K loop to be operationally defined and its per-tick frequency to be observable. This signal is provided by Autonomic Control Loop (Definition 36) . Deployments that modify the tick-rate model from Self-Healing Without Connectivity must recalibrate the $N_q$ virtual observation counts accordingly.

RAVEN prior table ($K = 5$ action classes for the MAPE-K parameter bandit: gossip fanout, MAPE-K tick, anomaly threshold, cross-cluster priority, and $k_N$ shape). Note: Weibull shape $k_N$ is tuned by a separate partition-model bandit ( Definition 14 in Why Edge Is Not Cloud Minus Bandwidth) and is not one of the $K$ arms here — it appears as an arm only in that dedicated Weibull bandit:

Level	$\mu_1^{(q)}$	$\mu_2^{(q)}$	$\mu_3^{(q)}$	$\mu_4^{(q)}$	$\mu_5^{(q)}$	$N_q$
$\mathcal{L}_0$ (survival)	0.10	0.05	0.60	0.20	0.05	30
$\mathcal{L}_1$ (minimal)	0.20	0.10	0.45	0.20	0.05	40
$\mathcal{L}_2$ (degraded)	0.30	0.20	0.30	0.15	0.05	50
$\mathcal{L}_3$ (normal)	0.25	0.25	0.20	0.20	0.10	60
$\mathcal{L}_4$ (full)	0.20	0.25	0.15	0.20	0.20	60

Row sums to 1.0; $N_q$ values calibrated from 200 offline RAVEN partition simulations per level.

After round 1, the EXP3-IX update proceeds identically to Definition 81 . The warm-start only shifts the starting point; Proposition 60 ’s adversarial guarantee holds from round 1 onward because the regret analysis is over the sequence $t \geq 1$, not $t \geq 0$. If capability level transitions mid-partition (e.g., battery triggers $\mathcal{L}_3 \to \mathcal{L}_2$ ), re-weight via $w_i \leftarrow w_i \cdot \mu_i^{(q_{\text{new}})} / \mu_i^{(q_{\text{old}})}$ and renormalize — a single multiply-and-normalize pass over $K$ entries.

Compute Profile: CPU: $O(K)$ for initialization — $K$ exponential evaluations $w_i(0;q) = \exp(\eta_0 N_q \mu_i^{(q)})$ plus one normalization pass; same cost on level-change re-weighting. Memory: $O(K \cdot |Q|)$ — one prior weight vector per capability level $q \in Q$ .

Analogy: A new doctor starting residency — they don’t begin from zero. Medical school training (the prior) gives informed starting weights for each diagnostic approach, corrected by real patient outcomes.

Logic: Offline simulation provides $N_q$ virtual observations per capability level, shifting initial weights toward arms with historically high expected reward and cutting rounds-to-convergence by roughly 40%.

Simulator validity guard. The warm-start prior is valid only if the offline simulation accurately represents the deployment environment. When the non-stationarity detector ( Definition 84 ) fires within the first $2 N_q$ live rounds, the prior is discarded and weights reset to uniform (the invalidation condition above). An additional guard applies when the simulator is systematically biased: if any arm’s live empirical mean deviates from its simulated mean $\mu_i^{(q)}$ by more than $\sigma_{\text{calib}} = 0.3$ (calibration deviation threshold) within the first $N_q$ live rounds, that arm’s weight is reset to the uniform baseline $w_i = 1/K$ regardless of non-stationarity detection. This bounds the mis-calibration correction delay to $N_q$ rounds: an arm whose offline performance was systematically overestimated or underestimated cannot bias action selection beyond that window. The remaining arms retain their warm-start weights; only the individually miscalibrated arms are reset.

Prior validity precondition. The warm-start prior is valid only if Phase-0 measurements were collected in a representative (non-adversarial) environment. If the non-stationarity detector ( Definition 84 ) fires within the first $2 N_q$ live rounds after warm-start, the prior is discarded and weights are reset to uniform. This guards against Phase-0 measurements taken under anomalous or adversarially-contaminated conditions, where the offline simulation prior would bias the bandit toward arms calibrated to a corrupted baseline rather than the true operational environment.

Prior collapse under jamming — Strategic Amnesia. Under sustained jamming the warm-start prior becomes systematically wrong and biases the bandit toward sub-optimal arms for approximately $N_q$ live ticks. The Strategic Amnesia circuit breaker detects this via KL divergence between the field-observed arm-reward distribution and the prior; when the divergence persists above threshold, it resets weights to uniform, declares a low-$\Psi$ meta-diagnostic to the handover boundary ( Proposition 74 ), and resumes EXP3-IX from a clean slate. The prior was a performance optimisation, not a safety dependency — discarding it is safe by construction.

Strategic Amnesia — detecting and responding to prior collapse. The warm-start prior ( Definition 82 ) injects $N_q$ virtual observations into the initial weight distribution. Under nominal conditions this accelerates convergence by 40% ( Proposition 61 ). Under sustained jamming or severe distributional shift the priors become systematically wrong, biasing the bandit toward sub-optimal arms.

Monitor the KL divergence between the empirical arm-reward distribution observed in the field and the distribution implied by the prior:

$D_{\text{KL}}(\hat{P}_{\text{obs}}(t) | P_{\text{prior}}) = \sum_{i=1}^{K} \hat{p}_i(t) \ln \frac{\hat{p}_i(t)}{p_i^{\text{prior}}}$

where $\hat{p}_i(t)$ is the empirical reward frequency of arm $i$ over a sliding window of $W = 20$ ticks, and $p_i^{\text{prior}} \propto w_i(0; q)$ is the normalised warm-start weight. Under nominal conditions $D_{\text{KL}} \approx 0$. $\hat{P}_\text{obs}$ is computed from the true rewards $r_s$, not from the exploration-randomized arm selections — this ensures $D_\text{KL}$ detects adversary strategy changes rather than EXP3-IX’s own exploration variance.

Circuit breaker. When $D_{\text{KL}}(\hat{P}_{\text{obs}} | P_{\text{prior}}) > \varepsilon_{\text{conf}}$ persists for $n_{\text{persist}} \geq 5$ consecutive ticks ($\varepsilon_{\text{conf}} = 0.30$ nats for RAVEN), the circuit breaker fires in four steps. First (detect), the KL breach is confirmed: the offline simulation is no longer a valid model of the contested environment. Second (amnesia), weights reset to $w_i \to 1/K$ (uniform) and all $N_q$ virtual observations are discarded. Third (declare), the policy-confidence component of $\Psi(t)$ is set to its minimum, emitting a low-$\Psi$ meta-diagnostic to Proposition 74 , which evaluates it against $\Psi_\text{fail}$ to determine whether predictive handover preparation should begin; EXP3-IX re-learning from uniform weights continues and handover is not immediate — it is conditional on Proposition 74 ’s criterion being met. Fourth (re-learn), EXP3-IX continues with uniform weights from the reset point, and Proposition 60 ’s adversarial regret bound applies from reset onward.

Re-entry hysteresis. The circuit breaker clears only when $D_{\text{KL}}(\hat{P}_\text{obs} | P_\text{prior}) < \varepsilon_\text{conf} - \varepsilon_\text{hyst} = 0.25$ nats and remains below this level for $N_\text{persist} = 5$ consecutive ticks. This prevents oscillation when $D_\text{KL}$ hovers near the trigger threshold.

Cascading reset guard. If the Strategic Amnesia trigger fires more than once within a single relearn window ($T_\text{relearn} = B \times T_\text{tick}$), the system enters Degraded Policy Mode: the bandit’s action distribution freezes to the most recent non-uniform weights, and all actions are gated by the Safe Action Filter ( Definition 89 ). Degraded Policy Mode exits after $T_\text{stable} = 3 \times T_\text{relearn}$ with no additional amnesia triggers.

Notation: $\varepsilon_\text{conf} = 0.30$ nats and $\Psi_\text{fail} = 0.30$ share the same numeric value but are independent parameters with different units (nats vs. dimensionless confidence score). The coincidence is accidental — field calibration may change either independently.

Definition 83 (Connectivity-Pruned Contextual Arm Set). Let $b_C(t) = \min(3,\; \lfloor 4 C(t) \rfloor) \in \{0,1,2,3\}$ be the 2-bit connectivity bucket (same quantization scheme as Definition 87) (Definition 87 formalizes this quantization scheme later in this article; the partition-duration buckets used here are the 2-bit four-way discretization defined there). Define the minimum connectivity requirement for arm $i$ as the bucket threshold $\bar{b}_i$ below which arm $i$ is physically infeasible. The active arm set is:

$\mathcal{A}(t) = \bigl\{\,i \in \{1,\ldots,K\} : b_C(t) \geq \bar{b}_i\,\bigr\}$

The EXP3-IX selection and weight-update rules of Definition 81 are restricted to $\mathcal{A}(t)$ : inactive arms are neither pulled nor updated; their weights freeze at the last active value and resume when $C(t)$ recovers.

Re-activation protocol: when an arm transitions from frozen to active (connectivity regime improves), its weight is reset to the arithmetic mean of the current active arms’ weights rather than the frozen value. This provides a neutral prior relative to the current reward landscape without the over-optimism of a full uniform reset. The rationale: the frozen arm’s stale weight was calibrated to a different regime; the current peer weights represent the best available estimate for the new regime.

RAVEN arm connectivity thresholds (arm description and the connectivity bucket at which each arm becomes feasible):

Arm	Action	$\bar{b}_i$	Min $C(t)$	Infeasible when
1	$k_N$ shape tuning	0	any	Never — local compute only
2	Gossip fanout rate	1	$C > 0.25$	Denied regime (no peers reachable)
3	MAPE-K tick interval	0	any	Never — local compute only
4	Anomaly threshold	0	any	Never — local compute only
5	Cross-cluster priority	2	$C > 0.50$	Denied or Degraded

Active arm count $K_{\text{eff}}(t) = |\mathcal{A}(t)|$ : 3 arms when $C(t) \leq 0.25$ (Denied); 4 arms when $0.25 < C(t) \leq 0.50$ (Degraded); 5 arms when $C(t) > 0.50$ (Connected or Intermittent).

Context integration with Definition 87 is achieved by appending the 2-bit $b_C(t)$ field into the context index: the enhanced index is 8 bits ($2\,\text{bits} \times 4$ variables), giving $256$ contexts $\times K$ arms $\times 4$ bytes = 5 KB for $K=8$ — still MCU-feasible. On the adversarial side, an adversary who drives $C(t)$ below $0.25$ to freeze arms 2 and 5 cannot improve their regret against the remaining arms $\{1,3,4\}$, since those arms remain active and the adversarial guarantee ( Proposition 60 ) applies within $\mathcal{A}(t)$ .

Emergency arm set (K_eff floor). When $\mathcal{A}(t) = \emptyset$ — all arms pruned by the bandwidth constraint in AES conditions — the active set falls back to the single lowest-bandwidth arm, guaranteeing $K_{\text{eff}} \geq 1$ at all times and preventing division by zero in the EXP3-IX weight normalization.

Emergency arm set construction. If $\mathcal{A}(t) = \emptyset$ , the arm set falls back to:

$\mathcal{A}(t) = \{i : b_C(t) \geq \bar{b}_i\} \cup \mathcal{A}_{\text{emergency}}$

where $\mathcal{A}_{\text{emergency}}$ contains the single lowest-bandwidth arm ( $\min_i \bar{b}_i$ across all $i$), typically the most conservative autonomy mode (e.g., OBSERVE-only). This guarantees $K_{\text{eff}} \geq 1$ at all times, preventing division by zero in the EXP3-IX softmax weight normalization.

This condition arises only in AES (Autonomous Emergency State), where $b_C(t)$ has collapsed below even the minimum arm threshold. The autonomy confidence score $\Psi(t)$ ( Proposition 74 , The Constraint Sequence and the Handover Boundary) should already have triggered AES entry before $K_{\text{eff}} = 0$ is reached; the floor is a belt-and-suspenders guarantee.

Single-arm emergency fallback: when $K_\text{eff} = 1$ (fleet-wide AES conditions where the gossip network is fully unavailable), the EXP3-IX algorithm degenerates to a deterministic policy: the sole active arm is the emergency-mode arm (lowest-energy, highest-safety configuration). In this regime, the regret bound from Proposition 61 no longer applies — there is no learning because there is no choice. The system maintains its last non-uniform weight vector in memory so that when gossip connectivity is restored and $K_\text{eff}$ increases, the bandit resumes from its pre-blackout state rather than from a cold start.

Compute Profile: CPU: $O(K)$ per decision round — one connectivity-bucket comparison per arm to build $\mathcal{A}(t)$ , then EXP3-IX update restricted to $K_{\text{eff}} \leq K$ active arms. Memory: $O(K)$ — full weight vector retained; inactive arms hold frozen weights at zero additional memory cost. Connectivity pruning reduces per-round CPU proportionally.

Emergency Reset Protocol

When the dominant arm weight ratio exceeds the collapse threshold — $\max_i w_i(t) / \sum_j w_j(t) > \psi_{\text{collapse}}$ (default $\psi_{\text{collapse}} = 0.95$ ) — the weight distribution has collapsed to a degenerate point mass, concentrating nearly all selection probability on a single arm. In this state the bandit has effectively abandoned exploration and is vulnerable to adversarial exploitation of the dominant arm.

Analogy: A compass magnetized by a nearby object — Tier 1 is tapping it (small perturbation), Tier 2 is degaussing and reloading factory calibration, Tier 3 is replacing it entirely.

Logic: Weight collapse concentrates selection probability on one arm; the three-tier ladder injects progressively more entropy, discarding accumulated learning only when lighter perturbations fail to restore exploration.

A three-tier reset ladder handles collapse without discarding accumulated learning unnecessarily:

Tier 1 — Random Walk Injection. Triggers when collapse is detected for 1 cycle. Add uniform noise $\epsilon_{\text{rw}} = 0.05$ to all arm weights, then renormalize:

$w_i \leftarrow w_i + \epsilon_{\text{rw}}, \qquad w_i \leftarrow w_i / \sum_j w_j$

This injects a small exploratory perturbation while preserving the relative ordering of arm weights. If the collapse was caused by a reward spike on one arm, the perturbation allows other arms to recover within a few rounds.

Tier 2 — Partial Reset. Triggers when the non-stationarity detector ( Definition 84 ) fires AND collapse is still detected after Tier 1. Reset weights to the offline priors from Definition 82 , but retain only half the virtual observation credit:

$w_i \leftarrow \exp\!\bigl(\eta_0 \cdot (N_q/2) \cdot \mu_i^{(q)}\bigr), \qquad \text{then renormalize}$

Halving $N_q$ reduces the warm-start’s influence, allowing the bandit to adapt faster to the shifted environment while retaining some prior structure. This is appropriate when the environment has changed but the prior still partially applies.

Tier 3 — Full Reset. Triggers when both Tier 1 and Tier 2 failed to resolve collapse within $T_{\text{reset}} = 30$ cycles. Reinitialize all weights uniformly:

$w_i \leftarrow 1/K \quad \forall\, i$

After a full reset, the system re-enters the cold-start phase with Proposition 60 ’s adversarial guarantee applying from that reset point onward. The prior is discarded entirely — the offline simulation is no longer a valid model of the contested environment.

Adaptation lag bound. When the environment changes faster than $1/T_{\text{reset}}$ , the warm-start provides no benefit over uniform initialization. For the 30-cycle default, this bound is approximately 0.5 Hz — meaning environment state changes faster than every 2 seconds defeat the warm-start entirely, since the reset ladder cannot complete a full Tier 1 → Tier 2 → Tier 3 cycle before the environment shifts again. In high-tempo adversarial environments (jamming patterns cycling faster than 2 seconds), configure $T_{\text{reset}} \leq 5$ cycles and treat the warm-start as a cold-start accelerator rather than a reliable prior.

Proposition 61 (Warm-Start + Contextual Regret Bound). Let $\bar{K} = (1/T)\sum_{t=1}^T |\mathcal{A}(t)|$ be the time-averaged active arm count, and let $N_q$ be the warm-start virtual observation count at capability level $q$. The combined regret satisfies:

Physical translation: Pre-loading RAVEN’s bandit with offline simulation results acts like giving a new employee a comprehensive handbook before their first day. The system already knows roughly which decisions work well in each connectivity regime, so it spends 41% fewer rounds learning what a cold-start system would discover through expensive trial and error.

$R_T^{\mathrm{warm+ctx}} \;\leq\; 2\sqrt{(T - N_q)\;\bar{K}\;\ln \bar{K}}$

(valid for $T > N_q$ ; for $T \leq N_q$ the warm-start alone suffices and the regret is bounded by the initial weight divergence from the optimal arm.)

Proof sketch. Within each round, the EXP3-IX analysis of Proposition 60 applies over the active set $\mathcal{A}(t)$ with $K_{\text{eff}}(t)$ arms. Summing over rounds and applying Jensen’s inequality (concavity of $\sqrt{\cdot}$ ) to replace per-round $K_{\text{eff}}(t)$ with its mean $\bar{K}$ gives $R_T^{\text{ctx}} \leq 2\sqrt{T\,\bar{K}\,\ln \bar{K}}$ . The warm-start reduces the effective horizon: the prior correctly concentrates weight on the optimal arm with initial advantage $\ln(\mu_{i^*}^{(q)} \cdot K) / \eta_0 \approx N_q$ rounds of pre-credited exploration; replacing $T$ with $T - N_q$ captures this saving. $\square$*

Regret convergence comparison (RAVEN $\mathcal{L}_3$ , CONVOY-level denial: $\bar{K} = 3.5$ , $N_3 = 60$ ):

$R_T^{\mathrm{base}} = 2\sqrt{T \cdot 5 \cdot \ln 5} \approx 5.67\sqrt{T}, \qquad R_T^{\mathrm{warm+ctx}} \approx 2\sqrt{(T - 60) \cdot 3.5 \cdot \ln 3.5} \approx 4.24\sqrt{T - 60}$

Rounds $T$	Baseline $R^{\mathrm{base}}$	Warm-start $R^{\mathrm{warm}}$	Contextual $R^{\mathrm{ctx}}$	Combined $R^{\mathrm{w+c}}$	% reduction
100	57	47	42	21	63%
250	90	76	67	49	46%
500	127	107	95	75	41%
750	155	131	116	93	40%
1000	179	154	134	108	40%
2000	253	222	190	158	38%

Column formulas: $R^{\mathrm{base}} = 5.67\sqrt{T}$ ; $R^{\mathrm{warm}} = 5.67\sqrt{T-60}$ ; $R^{\mathrm{ctx}} = 4.73\sqrt{T}$ ( $\bar{K}=3.5$ , same $T$); $R^{\mathrm{w+c}} = 4.24\sqrt{T-60}$ .

Per-round regret flattening — the per-round regret $R_T/T$ falls below 0.12 (approximately 1 sub-optimal decision per 8 rounds) at:

$T_{\mathrm{base}} \approx \left(\frac{5.67}{0.12}\right)^2 = 2233 \text{ rounds}, \qquad T_{\mathrm{w+c}} \approx \left(\frac{4.24}{0.12}\right)^2 + 60 \approx 1312 \text{ rounds}$

The combined method reaches the convergence threshold at round 1312 versus the baseline’s round 2233 — 41% fewer rounds, confirming the “at least 40% faster flattening” target. In denial-heavy deployments ( $\bar{K} = 3.0$ ): $T_{\mathrm{w+c}} \approx 760$ rounds versus 2233 — 66% fewer rounds.

Physical translation: The cold-start learning penalty means RAVEN’s bandit selects sub-optimal healing actions for roughly the first 2200 decision rounds (~37 minutes at one tick per second) before its policy is reliably near-optimal. With the capability-level warm-start and C(t) pruning, this shrinks to ~1300 rounds (~22 minutes) under moderate denial — a 15-minute reduction in the “unprotected window” during which the system is learning rather than acting on learned knowledge. In active jamming scenarios where threats escalate within minutes, this matters.

Empirical status: The 41% round-count reduction and the specific $\bar{K} = 3.5$ figure are derived from RAVEN simulation with 200 offline partition trials per capability level; the reduction scales with how well the offline prior matches field conditions and should be re-measured when the deployment environment differs significantly from the simulation regime.

Watch out for: the $\sqrt{T - N_q}$ savings from the warm-start prior require that the prior’s arm weight concentrations are calibrated to field conditions, not just simulation conditions; a prior trained with different fault injection rates, terrain models, or RF environment models can concentrate weight on arms that are suboptimal in the field — and because the warm-start suppresses early exploration, the algorithm is slower to correct a wrong prior than it would be from a cold start, reaching the convergence threshold later rather than earlier when the prior is badly miscalibrated.

Adversarial Non-Stationarity Detection

EXP3-IX randomizes responses optimally but does not detect when the adversary changes strategy. Natural $Q$-changes (weather, battery depletion) and adversarial $Q$-changes (coordinated jamming) produce similar rate-shift signatures on the transition dimension alone. The discriminating signal is that adversarial changes are correlated with defender actions: the adversary observes selections and responds. Natural environmental drift is uncorrelated with what the defender just chose.

Definition 84 (Adversarial Non-Stationarity Detector). Two parallel CUSUM statistics [11] track transition rate $q_{ij}$ for a monitored regime pair $(i, j)$:

Rate-shift CUSUM:

$S_t^Q = \max\!\left(0,\; S_{t-1}^Q + \hat{q}_{ij}(t) - q_{ij}^{\mathrm{base}} - \delta_Q\right)$

Action-correlation CUSUM:

$S_t^{\mathrm{corr}} = \max\!\left(0,\; S_{t-1}^{\mathrm{corr}} + \hat{\rho}(a_t,\, \Delta q_t) - \delta_{\mathrm{corr}}\right)$

where $\hat{\rho}(a_t, \Delta q_t)$ is the sliding-window sample correlation between the defender’s most recent action $a_t$ and the concurrent $Q$-change magnitude $\Delta q_t$. Alarms fire when $S_t^Q > h_Q$ and/or $S_t^{\mathrm{corr}} > h_{\mathrm{corr}}$ .

$S_t^Q$	$S_t^{\mathrm{corr}}$	Diagnosis	Response
Below $h_Q$	Below $h_{\mathrm{corr}}$	No change	Continue current policy
Above $h_Q$	Below $h_{\mathrm{corr}}$	Natural drift	Update $Q$ baseline
Above $h_Q$	Above $h_{\mathrm{corr}}$	Adversarial	Switch to EXP3-IX $\sigma^*$; alert operators
Below $h_Q$	Above $h_{\mathrm{corr}}$	Spurious	Log; no action

Example: In RAVEN , a jammer monitoring mesh-re-establishment traffic consistently increases $q_{\text{Contested}\to\text{Denied}}$ within 3–24 transitions of the swarm selecting its standard re-route action. The action-correlation CUSUM $S_t^{\mathrm{corr}}$ crosses $h_{\mathrm{corr}}$ before $S_t^Q$ does, exposing the adversarial pattern (rate shift correlated with defender selection) rather than treating it as weather-driven natural drift. On dual alarm, the swarm switches to $\sigma^*$ randomization and alerts the operator — the jammer can no longer time bursts to exploit a predictable recovery window.

Proposition 62 (Q-Change Detection Delay Bound). For an adversarial rate shift of size $\delta > \delta_Q$, the expected detection delay from onset $\tau$ satisfies:

CONVOY ’s mountain terrain produces regime shifts lasting only 30–49 seconds, so the detector must fire within 15 seconds or the bandit never catches up.

$\mathbb{E}[T_{\mathrm{detect}} - \tau] \leq \frac{h_Q + O(1)}{\delta - \delta_Q}$

The proposition gives the maximum rounds $T_{\text{detect}}$ to identify a $\Delta q$ shift in reward distribution at false-alarm rate $\delta$; detection must complete within the environment’s dwell time in any new regime to prevent stale-model persistence when the bandit cannot adapt. The expected regime shift magnitude $\Delta q$ ranges from 0.1 to 0.5 (illustrative value) reward units across deployments; $\delta = 0.05$ (illustrative value) is the typical false-alarm rate. For CONVOY , regime shifts last 30–49 s (illustrative value), so $T_{\text{detect}}$ calibrated above 15 s (illustrative value) produces adaptation that is permanently lagged behind real conditions.

The dual false alarm rate satisfies:

$P\!\left(S_t^Q > h_Q \wedge S_t^{\mathrm{corr}} > h_{\mathrm{corr}} \;\Big|\; H_0\right) \leq \alpha_Q \cdot \alpha_{\mathrm{corr}}$

where $\alpha_Q, \alpha_{\mathrm{corr}}$ are the individual CUSUM false-alarm rates under null hypothesis $H_0$ (no adversarial change).

When both CUSUM detectors fire in the same tick — indicating simultaneous detection of a shift in two distinct statistics — the system treats these as a single compound trigger rather than two independent events. The response is the same as for a single CUSUM trigger (invoke the Non-Stationarity Detector, Definition 84 ), but the KL-divergence threshold for the Strategic Amnesia circuit breaker is halved to account for the higher confidence that a true regime shift has occurred.

Proof. The rate-CUSUM delay bound follows from Wald’s identity applied to the CUSUM random walk with drift $\delta - \delta_Q > 0$ . The product bound follows from the independence of $S_t^Q$ and $S_t^{\mathrm{corr}}$ under $H_0$: when no adversarial change is present, defender actions and natural $Q$-changes are uncorrelated by design (the defender’s randomized policy is independent of environmental noise). $\square$

RAVEN calibration ($h_Q = 5$, $\delta_Q = 0.2 \cdot q_{\mathrm{base}}$ , $h_{\mathrm{corr}} = 3$ , $\alpha_Q = 0.01$, $\alpha_{\mathrm{corr}} = 0.05$ ): dual false alarm rate $\leq 0.0005$ (approximately one false alarm per 33 h (theoretical bound) of operation); detection delay $\leq 13$ (theoretical bound) transitions from jamming onset (approximately 2 min (illustrative value) at RAVEN ’s observed transition rates).

Empirical status: The threshold values $h_Q = 5$, $\delta_Q = 0.2 \cdot q_{\mathrm{base}}$ , and the 30–49 s CONVOY regime-dwell figure are calibrated from simulation trials; the detection delay guarantee scales inversely with the margin $\delta - \delta_Q$, so deployments with smaller regime-shift magnitudes than CONVOY ’s mountain terrain will see proportionally longer detection windows and must re-tune $h_Q$ from at least 50 observed shift events.

Watch out for: the detection delay bound $(h_Q + O(1))/(\delta - \delta_Q)$ diverges as $\delta \to \delta_Q^+$ — when the adversary produces shifts just barely above the sensitivity threshold, the bound becomes arbitrarily large, meaning the system eventually detects the shift but detection delay can exceed the dwell time of the new regime; in this marginal-shift case, reducing $h_Q$ to lower detection delay trades directly against a higher false-alarm rate in steady state, and the right calibration requires measuring the actual regime-shift magnitude distribution from at least 50 observed events before setting the threshold.

Probabilistic Extension: Thompson Sampling

Thompson Sampling [Thompson, 1933] is the Bayesian dual of UCB and EXP3 . Where UCB uses optimistic confidence bounds and EXP3 uses adversarial weight updates, Thompson Sampling maintains a posterior distribution over each arm’s reward probability and samples from it.

Mechanism: Model each parameter arm $k$ with a Beta prior $\text{Beta}(\alpha_k, \beta_k)$ . At each round, one sample $\theta_k(t)$ is drawn from each arm’s current posterior and the arm with the highest sampled value is selected — arms with more uncertainty have wider posteriors and are therefore more likely to win the sample competition.

$\theta_k(t) \sim \text{Beta}(\alpha_k(t),\, \beta_k(t)), \quad a^*(t) = \arg\max_k \theta_k(t)$

After observing binary reward $r \in \{0,1\}$ , the selected arm’s Beta parameters are updated by incrementing $\alpha_{a^*}$ on success and $\beta_{a^*}$ on failure, tightening the posterior around the arm’s true success rate.

$\alpha_{a^*}(t+1) = \alpha_{a^*}(t) + r, \quad \beta_{a^*}(t+1) = \beta_{a^*}(t) + (1 - r)$

Why this matters for edge systems: Thompson Sampling achieves $O(\sqrt{TK \ln T})$ Bayesian regret in stochastic environments — comparable to UCB but empirically faster to converge. More importantly, the Beta posterior naturally encodes uncertainty - a parameter with few observations has a flat, wide posterior; one with many observations concentrates. In contested environments where some OUTPOST sensors are intermittently partitioned, Thompson Sampling degrades gracefully: arms without recent data retain high uncertainty (wide Beta) and are explored proportionally, rather than being over-confidently exploited ( UCB ) or uniformly penalized ( EXP3 ).

Reconnection handling: When a partitioned node reconnects, its prior $(\alpha_k, \beta_k)$ is exactly the right representation of pre-partition knowledge. Stale UCB confidence bounds are harder to interpret after a partition; Beta posteriors compose naturally with gossip -propagated priors from peer nodes.

Each peer initializes from the shared prior $(\alpha_0 = 1, \beta_0 = 1)$ and tracks only observed successes $s_i$ and failures $f_i$ (excluding the prior). The merged posterior is: $\alpha^{\text{merged}} = \alpha_0 + \sum_i s_i$ , $\beta^{\text{merged}} = \beta_0 + \sum_i f_i$ . This avoids prior double-counting by tracking raw outcomes rather than full posterior parameters.

Fleet-level parameter reconciliation — scalar parameters (R-12): The Beta posterior merge above handles bandit arm parameters. Anti-fragility operates at fleet level ( Definition 79 : $A$ is measured across the fleet’s aggregate performance), but learning happens cluster-scoped during partition — each cluster independently updates its local $A$ estimate from local stress-response observations.

When two clusters reconnect, they may have diverged on scalar anti-fragility parameters: cluster 1 observed $\hat{A}_1$ over $N_1$ trials; cluster 2 observed $\hat{A}_2$ over $N_2$ trials. The reconciliation rule is a precision-weighted average (inverse-variance weighting under Gaussian approximation): $\hat{A}_{\text{merged}} = (N_1 \hat{A}_1 + N_2 \hat{A}_2) / (N_1 + N_2)$ , equivalent to pooling all observations and recomputing the sample mean.

Precondition: this merge is valid only if the two clusters experienced the same stress regime. If cluster 1 experienced 20-minute partitions and cluster 2 experienced 5-minute partitions, their $\hat{A}$ estimates are at different points on the $A(\sigma)$ curve and must not be averaged — instead, maintain separate $\hat{A}(\sigma_k)$ estimates per stress level. For RAVEN with a uniform partition-duration distribution (mission-assigned blackout schedule), reconciliation reduces to the simple weighted average; for opportunistic partitions (terrain-driven, duration-variable), track $\hat{A}$ per duration bucket.

The CRDT mechanism for this merge is a per-bucket $(N_k, \hat{A}_k \cdot N_k)$ counter pair stored as OR-Set entries, with merge defined as coordinate-wise addition followed by recomputing $\hat{A}_k = \text{sum}_k / N_k$ .

$\alpha_k^{\text{merged}} = \alpha_0 + \sum_{i \in \text{peers}} s_k^{(i)}, \quad \beta_k^{\text{merged}} = \beta_0 + \sum_{i \in \text{peers}} f_k^{(i)}$

Recommendation: Use Thompson Sampling as the default for commercial edge deployments ( AUTOHAULER , GRIDEDGE ) where rewards are stochastic but not adversarially structured. Use EXP3 for contested tactical environments ( RAVEN , CONVOY ) where adversarial parameter manipulation is a threat model.

Table: Decision algorithm selection guide.

Algorithm	Regret Bound	Non-stationarity	Adversarial Robustness	Complexity	Best For
UCB	$O(\sqrt{KT\ln T})$	Poor (assumes stationary)	Low	Low	Stationary environments
EXP3	$O(\sqrt{KT\ln K})$	Moderate (sliding window)	High (minimax optimal vs. oblivious adversary)	Low	Adversarial/non-stationary
Thompson Sampling	$O(\sqrt{KT\ln T})$	Good (prior updating)	Moderate	Medium	Bayesian, posterior updates

After 1000 (illustrative value) gossip cycles, RAVEN ’s learned policy uses packet loss rate as a switching condition: if loss exceeds 30% (illustrative value), gossip interval is set to 3s (illustrative value); if loss is below 5% (illustrative value), interval is 8s (illustrative value); otherwise it holds at 5s (illustrative value).

This policy illustrates how bandit algorithms can discover relationships between environmental conditions and optimal parameters - relationships that may not be apparent from design-time analysis alone.

Delayed-Feedback Extension: Weibull-Aware Tuning Loop

The three algorithms above assume reward is observed before the next arm pull. Under Weibull partitions ( Definition 13 ) with $k_N < 1$, the reward signal for the shape-parameter bandit ( Definition 14 ) — measured as realized partition cost relative to prediction — arrives only at partition end, potentially hours later. Definition 85 adapts EXP3-IX for this regime. Proposition 63 bounds regret degradation. Definition 86 provides an immediate surrogate reward when the true mission outcome is unavailable. Definition 87 discretizes partition context into O(1) memory.

Definition 85 (Delayed-Feedback EXP3-IX [Joulani et al., 2013]). Let the feedback delay for pull at partition onset $s$ be $d_s = T_N^{(s)}$ — the actual partition duration, observed only at partition end. Define batch window $B = \lceil E[T_N] \rceil$ (one expected partition, LUT-approximated per Definition 13). $T_N$ is the partition duration random variable from Definition 13; $k_N$ is the same shape parameter as Definition 14. The pending buffer $\mathcal{P}$ holds $(k_s,\; s)$ pairs for pulls awaiting reward; capacity is bounded by $|\mathcal{P}| \leq \lfloor Q_{0.95} / T_{\min} \rfloor$ entries (static upper bound; MCU-allocatable). At each partition event $s$:

On each pull, arm $k_s \in \{0.3, 0.4, \ldots, 1.0\}$ is selected per EXP3-IX weights and $(k_s,\; s)$ is appended to $\mathcal{P}$ . On receiving feedback at partition end (time $s + d_s$), the true reward $r_s = -\max(0,\; T_{\text{acc}}^{(s)} - E[T_N \mid k_s]) / Q_{0.95}(k_s)$ ( Definition 14 reward signal) is computed and $(k_s,\; s)$ is removed from $\mathcal{P}$ . The weight is then updated: $\hat{r}_{k_s}^{\text{IX}} = r_s / (p_{k_s}(s) + \gamma){}$ ; $w_{k_s}$ is updated per Definition 81 .

Buffer overflow handling: when actual feedback delay exceeds B ticks and the buffer is full, the oldest pending reward is dropped (not applied to weight updates). A dropped-reward counter increments. If the dropped-reward rate exceeds 0.10 (10% of rounds), this signals that the Weibull partition model has underestimated $\mathbb{E}[T_N]$ and the buffer size should be increased: $B_\text{new} = \lceil 1.5 \times B_\text{current} \rceil$ , up to a hard maximum $B_\text{max} = 500$ rounds. The dropped-reward count is included in the Local Surrogate Reward ( Definition 86 ) as a negative signal.

Proposition 63 (Regret Under Heavy-Tailed Delay). Under Definition 85 with $T$ partition events and batch window $B = \lceil E[T_N] \rceil$:

Physical translation: Long partitions mean feedback about past decisions arrives late. This proposition proves that the extra regret from late-arriving feedback is at most $\sqrt{2}$ times the regret of a system with instant feedback — so RAVEN operating under heavy-tailed partition delays performs at most 41% worse than it would with a perfect radio link, not arbitrarily worse. The $\sqrt{2}$ factor is tight: the buffered estimator’s variance is exactly double the instantaneous estimator’s.

$R_T^{\text{delay}} \leq 2\sqrt{T K \ln K} \cdot \sqrt{1 + E[T_N]/B} \leq 2\sqrt{2} \cdot \sqrt{T K \ln K}$

The proposition bounds delayed-feedback EXP3-IX regret when heavy-tailed Weibull partition durations add a $\sqrt{1 + E[T_N]/B}$ overhead factor over the instantaneous bound, with batch window $B = \lceil E[T_N] \rceil$. For CONVOY with $k_N = 0.62$ (illustrative value), the overhead factor evaluates to approximately $1.41\times$ (theoretical bound under illustrative parameters) over the instantaneous bound. $E[T_N]$ is the expected partition duration from Definition 13 (Weibull Partition Duration Model, Why Edge Is Not Cloud Minus Bandwidth); $k_N$ is the same shape parameter as Definition 14 . The bound remains finite only when $k_N > 0$, which requires verification from real partition duration data — the Weibull assumption does not hold under deterministic or bimodal partition-duration distributions.

The factor $\sqrt{2}$ is a constant independent of $k_N$ or $\lambda_N$ — setting $B$ to the expected partition duration absorbs the delay into a single overhead term. The bound holds for all $k_N > 0$: $E[T_N] = \lambda_N \cdot \Gamma(1 + 1/k_N)$ is finite for every Weibull parameter. Contrast Pareto-distributed delays ($\alpha \leq 2$): $E[d] = \infty$, breaking all standard regret bounds — the selection criterion from Section 2 of the design.

Proof sketch. Index time by partition events. Rounds where true reward has not yet arrived contribute phantom zero-reward updates. By the delayed-feedback EXP3 analysis (Joulani et al., 2013), inserting $\sum_s d_s \approx T \cdot E[T_N] / B$ phantom rounds inflates regret by $\sqrt{1 + E[T_N]/B}$ ; with $B = \lceil E[T_N] \rceil$, this factor is $\leq \sqrt{2}$ .

The full derivation applies the Azuma-Hoeffding inequality to the buffered reward sequence. Three key steps: (1) bound the variance of each dropped reward by $R_\text{max}^2$; (2) apply the union bound over all B buffer positions; (3) the $\sqrt{2}$ multiplicative factor arises from the doubled variance of the buffered estimator relative to the instantaneous estimator. $\square$

Composed regret bound. The delayed-feedback regret (this proposition) composes with the instantaneous EXP3-IX regret bound ( Proposition 60 ): when partition episodes are independent, the composed bound is at most $\sqrt{2}$ times the instantaneous regret. When episodes are correlated — as during sustained adversarial conditions — the composed regret may exceed this by a factor proportional to the autocorrelation time $\tau_{\text{corr}}$. Treat the $\sqrt{2}$ factor as a lower bound on overhead in correlated regimes.

CONVOY calibration ($k_N = 0.62$, $\lambda_N = 4.62$ hr, $K = 8$, $T = 100$ partition events): instantaneous bound $R_T \leq 2\sqrt{TK\ln K} \approx 115$ ; delayed bound $R_T^{\text{delay}} \leq 2\sqrt{2} \cdot \sqrt{TK\ln K} \approx 163$ — at most $\sqrt{2}$ times the instantaneous regret bound ( Proposition 60 ) when partition episodes are independent.

For $k_N = 0.3$ (very heavy tail, $E[T_N]/B \approx 3$): regret inflates to $2\times$ instantaneous — the bounded planning cost of catastrophic partitions before the bandit has seen enough events to calibrate.

Physical translation: The $\sqrt{2}$ factor means delayed feedback — where reward arrives only at partition end, potentially hours after the decision — costs at most 41% more regret than if reward were instantaneous. This is a concrete budget: for CONVOY with $k_N = 0.62$, accepting delayed feedback (the only realistic option during multi-hour mountain partitions) inflates the regret bound from 115 to 163 sub-optimal decisions. The $\sqrt{2}$ bound is independent of how long the partition lasts, as long as the batch window $B$ equals the expected partition duration — a single design choice that absorbs the delay cost entirely.

Empirical status: The $k_N = 0.62$ shape parameter and the instantaneous/delayed bound values of 115 and 163 are calibrated from CONVOY simulation; the $\sqrt{2}$ overhead factor is a worst-case theoretical constant that holds for any $k_N > 0$, but the actual inflation observed in field trials depends on how closely $B$ matches the realized mean partition duration — re-calibrate $B$ if field partition durations differ from the simulation estimate by more than 20%.

Watch out for: the $\sqrt{2}$ overhead factor requires $B = \lceil E[T_N] \rceil$ — when the batch window is set from a stale or biased estimate of the expected partition duration, the overhead factor can exceed $\sqrt{2}$ by a factor proportional to $E[T_N]_{\text{true}}/B$; a deployment where terrain or adversarial conditions cause partitions significantly longer than the simulation-estimated $E[T_N]$ will find its batch window consistently too short, causing phantom zero-reward updates to accumulate faster than the buffer absorbs them and producing regret that grows worse than the $\sqrt{2}$ bound guarantees.

Definition 86 (Local Surrogate Reward). During active partition ($\Xi = N$), before the true end-of-partition reward (Definition 85, Step 2) arrives, the surrogate reward aggregates four MCU-local observables available on every MAPE-K tick:

Signal	Symbol	Scale
CPU temperature deviation	$\Delta T_{\text{cpu}}(t)$	$\Delta T_{\text{max}}$ (throttle onset)
Battery drain excess	$\dot{E}_{\text{bat}}(t) - \dot{E}_0$	$\dot{E}_0$ (idle drain)
MAPE-K loops per tick	$N_{\text{mape}}(t)$	$N_{\text{mape}}^{\text{max}}$ (stable rate)
Partition accumulator ratio	$T_{\text{acc}}(t)$	$Q_{0.95}$ (Proposition 37 threshold)

$r_{\text{surr}}(t) = -\left[w_1 \frac{\Delta T_{\text{cpu}}}{\Delta T_{\text{max}}} + w_2 \frac{\dot{E}_{\text{bat}} - \dot{E}_0}{\dot{E}_0} + w_3 \frac{N_{\text{mape}}}{N_{\text{mape}}^{\text{max}}} + w_4 \frac{T_{\text{acc}}}{Q_{0.95}} \right], \quad \sum_i w_i = 1$

The surrogate reward computes a scalar in $[-1, 0]$ from CPU temperature, battery drain, MAPE-K cycle count, and $T_{\text{acc}}$ during partition, serving as an interim reward when the true partition-end reward is unavailable; without it, multi-hour partitions cause severe EXP3-IX weight drift from reward starvation. Weights satisfy $w_1+w_2+w_3+w_4 = 1$ ; for CONVOY , the battery weight is $w_2=0.35$ (illustrative value) reflecting the vehicle platform’s power sensitivity. Bias correction against the realized reward at each partition end is structurally required: without it, surrogates systematically over-penalize compute-heavy but effective arms by attributing to them the running cost they incur precisely because they are active.

so $r_{\text{surr}}(t) \in [-1, 0]$ . The surrogate is applied as a fractional Q-update (weight $\beta_{\text{surr}} \in (0,1)$ ) at each tick. When true reward $r_s$ arrives at partition end, a bias correction $\Delta r = r_s - \beta_{\text{surr}} \cdot \bar{r}_{\text{surr}}$ — where $\bar{r}_{\text{surr}}$ is the partition-averaged surrogate — is applied as a one-shot Q-update, preventing surrogate-induced drift from compounding across partitions.

Physical translation. The surrogate reward tells the bandit “how well the system is doing right now” using signals available locally (CPU temperature, battery, MAPE-K loop health, partition accumulator). It is a proxy for the true mission outcome, which will only be known post-mission. The weight vector $w$ encodes which subsystem health matters most; $w_\text{battery}$ high means the bandit conserves power aggressively.

The battery and MAPE-K overhead components of this surrogate reward use the power consumption model established in Definition 51 (Autonomic Overhead Power Map) . Deployments that modify the overhead power map must recalibrate the surrogate reward weights accordingly.

Definition 87 (Partition Context Discretization). Arm selection is conditioned on three continuous partition-state variables, each quantized to 2 bits for O(1) lookup. Each variable $x$ maps to bucket $b_x = \min(3,\; \lfloor 4x / x_{\max} \rfloor)$ via a single integer right-shift:

Variable	$x_{\max}$	Bucket semantics
$T_{\text{acc}} / Q_{0.95}$	1.0	$b=0$: early; $b=1$: mid; $b=2$: late; $b=3$: past Proposition 37 gate
$\hat{\pi}_N$ (regime occupancy)	1.0	Quartiles of partition fraction
$Q_{\text{link}} \in [0,1]$	1.0	Link-quality quartiles

The context index packs three 2-bit fields into one byte:

$c(t) = b_{T}(t) \;\Big|\; \bigl(b_{\pi}(t) \ll 2\bigr) \;\Big|\; \bigl(b_{Q}(t) \ll 4\bigr) \;\in\; \{0,\ldots,63\}$

The definition encodes partition state into a 6-bit context index at each MAPE-K tick, selecting the corresponding context-specific EXP3-IX weight vector and preventing uniform weight updates from conflating short and long partitions that require fundamentally different autonomic strategies. Memory cost is $64$ (theoretical bound) contexts $\times$ $K$ arms $\times$ $4$ bytes = 2 KB (theoretical bound under illustrative parameters) total for $K=8$ (illustrative value), fitting within MCU SRAM without dynamic allocation. Weight vectors initialized from simulation rather than cold-started eliminate the first 50 (illustrative value) real partitions that would otherwise be consumed by pure exploration before any context-specific learning signal accumulates.

Bucket-boundary hysteresis. The 2-bit quantization creates sharp bucket boundaries where small signal fluctuations can cause rapid context switching and arm-set aliasing. To prevent rapid arm-set switching at bucket boundaries, transitions from bucket $b$ to bucket $b+1$ require the signal to exceed the upper threshold $\theta_{b+1}^+$, while transitions from $b+1$ back to $b$ require the signal to fall below the lower threshold $\theta_b^-$, where $\theta_{b+1}^+ - \theta_b^- \geq \delta_{\text{hyst}}$ for hysteresis width $\delta_{\text{hyst}} > 0$. For RAVEN with 2-bit quantization over $[0,1]$ (bucket width 0.25), set $\delta_{\text{hyst}} = 0.05$ — a 5-unit deadband centered on each nominal boundary — so that a signal hovering at 0.5 does not continuously switch between bucket 1 and bucket 2. This adds no memory overhead: the hysteresis state is a single 2-bit register per variable.

Each context maintains its own EXP3-IX weight vector $\mathbf{w}^{(c)} \in \mathbb{R}^K$ ; total memory: $64 \times K \times 4$ bytes (for $K = 8$: 2 KB — MCU-feasible). CONVOY outcome (100 partition events): contexts $b_T \geq 2$ (long partitions) converge to lower-$k$ arms ($k \approx 0.4$–$0.5$); contexts $b_T = 0$ (short partitions) retain higher-$k$ arms ($k \approx 0.7$–$0.8$) — the bandit naturally separates near-exponential short partitions from heavy-tailed long ones.

Physical translation. The 64-context table is $4 \times 4 \times 4$ (connectivity states, resource states, time-in-partition states) = 64 distinct situations the bandit tracks separately, each with its own weight vector. Without context: one policy for all partitions, missing that a 10-minute mountain blackout requires different action weights than a 6-hour communications-denied operation. With context: the bandit has separate learned intuitions for “early in a short partition” versus “deep in a catastrophic partition” — encoded in 2 KB total, fitting in MCU SRAM with no dynamic allocation. The 2-bit quantization per dimension is the minimum resolution that separates qualitatively different situations without over-fitting on sparse partition data.

k_N stability scope. The 64 context-specific weight vectors in this definition are indexed against the current Weibull shape parameter $k_N$ ( Definition 14 , Why Edge Is Not Cloud Minus Bandwidth). For deployment: treat $k_N$ as a mission-phase constant — calibrated offline from historical partition logs, frozen during mission execution. In-field adaptation via Definition 14 ’s meta-bandit is a post-mission recalibration step only. If a distributional shift is detected mid-mission that requires $k_N$ to change, reset all 64 context weight vectors to uniform and restart the warm-start procedure from Definition 82 with the new $k_N$. Carrying stale weight vectors forward after a $k_N$ change produces systematically biased action selection.

Commercial Application: ADAPTSHOP Dynamic Optimization

ADAPTSHOP operates recommendation and pricing for an e-commerce platform. Every recommendation, ranking, and offer involves decisions under uncertainty; each provides learning feedback. Multi-armed bandits continuously optimize these decisions.

The exploration-exploitation challenge: A traditional A/B test allocates traffic 50/50 between variants for weeks, then picks a winner. This wastes traffic on inferior variants. Bandit algorithms dynamically shift traffic toward better-performing variants while maintaining exploration - the same exploration-exploitation tradeoff faced by edge systems selecting healing actions or gossip intervals.

Bandit applications in ADAPTSHOP : Five distinct decision types are optimized concurrently, each with a different action space (Arms), a different observable reward signal, and a different algorithm chosen to match the statistical structure of that decision.

Decision	Arms	Reward Signal	Algorithm
Homepage layout	5 layout variants	Click-through rate	Thompson Sampling
Search ranking	8 ranking models	Purchase within session	UCB
Email subject line	4-12 variants	Open rate	Thompson Sampling
Discount level	0%, 5%, 10%, 15%, 20%	Revenue - discount cost	Contextual bandit
Recommendation slot	20+ candidate products	Click + purchase	LinUCB

UCB in practice for search ranking:

ADAPTSHOP ’s search ranking uses UCB to balance showing proven-effective rankings versus testing new ranking models; $\hat{\mu}_i$ is the observed conversion rate for model $i$, $N$ is total queries served, and $n_i$ is queries served by model $i$.

$\text{UCB}(\text{model}_i) = \hat{\mu}_i + c\sqrt{\frac{\ln N}{n_i}}$

Parameters follow the standard UCB formulation (see Proposition 58 ); $c = 1.5$ is set for ADAPTSHOP ’s exploration-exploitation balance, tuned empirically against revenue outcomes.

After 10 million search queries, the bandit has distributed traffic according to UCB scores; the table shows how Model B has earned the largest share while Models C and D continue receiving exploration traffic.

Ranking Model	Queries Served	Conversion Rate	UCB Score
Model A (baseline)	3.2M	4.2%	0.0421
Model B (new ML)	4.1M	4.7%	0.0471
Model C (hybrid)	2.4M	4.5%	0.0453
Model D (experimental)	0.3M	3.9%	0.0428

Model B receives the most traffic (highest UCB ), but Models C and D continue receiving exploration traffic. If conditions change (new product categories, seasonal shifts), the exploration ensures the system can detect when a previously inferior model becomes superior.

Contextual bandits for dynamic pricing:

Discount decisions depend on context: user history, product category, inventory level, time of day. ADAPTSHOP uses contextual bandits that incorporate these features:

$\text{Expected Revenue}(d, x) = \mathbb{E}[\text{Price} \cdot P(\text{purchase} | d, x)] - \text{Discount}(d)$

where $d$ is discount level and $x$ is context vector.

The contextual bandit learns that first-time visitors respond strongly to a 10% discount (illustrative value) — high conversion lift — while repeat customers convert without a discount, making any discount pure margin loss. High-inventory items benefit from aggressive discounting; low-inventory items should not be discounted because they will sell regardless.

These patterns emerged from operational learning - not from a priori assumptions.

Regret analysis for ADAPTSHOP :

Over 30 days with 360 million recommendation decisions, cumulative regret sums the per-round reward gap between the optimal action $\mu^*$ and the action $a_t$ actually chosen, bounded by the UCB guarantee.

$\text{Cumulative Regret} = \sum_{t=1}^{T} (\mu^* - \mu_{a_t}) \approx O(\sqrt{T \cdot K \cdot \ln T})$

Observed regret: 2.3% of optimal (estimated), meaning near-optimal revenue was achieved without foreknowledge of which actions were best.

Anti-fragility through continuous learning:

ADAPTSHOP ’s anti-fragility manifests in adaptation to changing conditions; the diagram below shows how each environmental shift triggers detection, policy update, and convergence to a new optimum — the same learning cycle as RAVEN ’s parameter tuning, applied to e-commerce.

    
    graph TD
    subgraph "Week 1: Holiday Season Begins"
        W1["Traffic 3x normal
User behavior shifts"]
        W1B["Bandits detect shift
Exploration increases"]
        W1C["New optimal discovered
Aggressive discounts win"]
    end

    subgraph "Week 2: Inventory Depletes"
        W2["Popular items OOS
Recommendations stale"]
        W2B["Bandits detect low CTR
Shift to alternatives"]
        W2C["Substitute products
promoted automatically"]
    end

    subgraph "Week 3: Post-Holiday"
        W3["Traffic normalizes
Discount sensitivity returns"]
        W3B["Bandits detect shift
Reduce discount levels"]
        W3C["Margins recover
while maintaining conversion"]
    end

    W1 --> W1B --> W1C
    W1C --> W2
    W2 --> W2B --> W2C
    W2C --> W3
    W3 --> W3B --> W3C

    style W1 fill:#ffcdd2,stroke:#c62828
    style W2 fill:#fff3e0,stroke:#f57c00
    style W3 fill:#c8e6c9,stroke:#388e3c

Each environmental shift (holiday traffic, inventory changes, post-holiday normalization) is a stress event. The bandit algorithms detect the shift through degraded reward signals, increase exploration to find new optima, and converge on better policies. The system emerges from each stress period with updated models - anti-fragile behavior.

Edge system parallel: ADAPTSHOP ’s bandit algorithms face the same fundamental challenge as RAVEN ’s gossip interval tuning: unknown optimal parameters, noisy reward signals, non-stationary environments, and a limited exploration budget.

The mathematical framework ( UCB , Thompson Sampling , regret bounds) transfers directly. RAVEN learns optimal gossip intervals from packet delivery feedback; ADAPTSHOP learns optimal discount levels from purchase feedback. Both convert operational experience into improved policies.

Quantified improvement (with uncertainty bounds):

Revenue lift vs. static policies: $+8.3\% \pm 1.2\%$ (illustrative; 95% CI, measured over 12 weeks in simulation)
Adaptation time to major shifts: $4.8 \pm 1.4$ hours (vs. $14 \pm 5$ days for traditional A/B tests)
Regret reduction vs. epsilon-greedy: $34\% \pm 6\%$ (theoretical bound: $O(\sqrt{T \ln K})$ vs. $O(\epsilon T)$)

Updating Local Models

Every edge system maintains internal models: a connectivity model (Markov chain for connectivity state transitions), an anomaly detection model (baseline distributions for normal behavior), a healing effectiveness model (success probabilities for healing actions), and coherence timing estimates (expected reconciliation costs).

Each partition episode provides new data for all models; Bayesian updating [13] multiplies the prior belief $P(\theta)$ by the likelihood of the observed data under each parameter value, then normalizes to give the posterior $P(\theta | D)$.

$P(\theta | D) = \frac{P(D | \theta) \cdot P(\theta)}{P(D)}$

Where $\theta$ are model parameters, $D$ is observed data, $P(\theta)$ is prior belief, and $P(\theta|D)$ is posterior belief.

Connectivity model update: After 7 partition events (illustrative value), RAVEN ’s Markov transition estimates improved: the transition rate $\lambda_{connected \rightarrow degraded}$ moved from a prior of 0.02/hour (illustrative value) to a posterior of 0.035/hour (illustrative value), and $\lambda_{degraded \rightarrow denied}$ from a prior of 0.1/hour (illustrative value) to a posterior of 0.08/hour (illustrative value).

The updated model more accurately predicts partition probability, enabling better preemptive preparation.

Anomaly detection update: After 2 jamming episodes (illustrative value), RAVEN ’s anomaly detector incorporated new signatures: starting from a prior with no jamming-specific features, the posterior added signal-to-noise ratio drop, packet loss spike, and multi-drone correlation as distinguishing inputs.

The detector’s precision improved from 0.72 to 0.89 (in simulation) after incorporating jamming-specific patterns learned from stress events.

Anti-fragile insight: models get more accurate with more stress. Each stress event provides samples from the tail of the distribution - the rare events that design-time analysis cannot anticipate. A system that has experienced 12 partitions has a more accurate partition model than a system that has experienced none.

The diagram below shows how each stress event feeds a five-step cycle where observation drives model updates, improved policies produce better responses, and each response reduces regret on the next encounter.

    
    graph TD
    A["Stress Event
(partition, failure, attack)"] --> B["Observe Outcome
(what actually happened)"]
    B --> C["Update Model
(Bayesian posterior update)"]
    C --> D["Improve Policy
(better parameters)"]
    D --> E["Better Response
(reduced regret)"]
    E -->|"next stress"| A

    style A fill:#ffcdd2,stroke:#c62828
    style B fill:#fff9c4,stroke:#f9a825
    style C fill:#bbdefb,stroke:#1976d2
    style D fill:#e1bee7,stroke:#7b1fa2
    style E fill:#c8e6c9,stroke:#388e3c

This learning loop is the core mechanism of anti-fragility . Each cycle through the loop makes the system more capable of handling the next stress event.

Model convergence rate: The posterior concentration tightens with more observations, expressed here as the posterior variance of parameter $\theta$ given $n$ data points with per-observation variance $\sigma^2$:

$\text{Var}(\theta | D_n) \approx \frac{\sigma^2}{n}$

After $n$ stress events, parameter uncertainty decreases by a factor of $\sqrt{n}$ . The system’s confidence in its models grows with operational experience.

Identifying Patterns That Predict Partition

Partition events don’t emerge from nothing. Precursors exist: signal degradation, geographic patterns, adversary behavior signatures. Machine learning can identify these precursors and enable preemptive action.

A partition prediction model uses five input features: signal strength trend (5-minute slope), packet loss rate (current value and derivative), geographic position (known radio shadows), time-of-day (adversary activity patterns), and multi-node correlation (fleet-wide degradation versus local). The classifier answers a binary question: will partition occur within the $\tau$ time horizon?

CONVOY learned partition prediction after 8 events (illustrative value): packet loss exceeding 20% (illustrative value) AND geographic position within 2km (illustrative value) of a ridge line yields 78% (illustrative value) probability of partition within 10 minutes (illustrative value); the preemptive action was to synchronize state, delegate authority, and agree on a fallback route; the outcome was that preparation reduced partition recovery time from 340s (illustrative value) to 45s (illustrative value).

Each prediction (correct or incorrect) improves the predictor. A true positive confirms the pattern and validates the preemptive action value. A false positive means the threshold needs adjustment. A true negative confirms correct identification of normal conditions. A false negative is a missed partition — requiring new features that would have detected it to be added.

The system becomes anti-fragile to partition: each partition event improves partition prediction, reducing the cost of future partitions.

Cognitive Map: The learning-from-disconnection section builds the three-algorithm toolkit for anti-fragile parameter management. UCB handles stochastic environments: exploration bonus decays as arms are tried, converging to the best arm. EXP3 handles adversarial environments: permanent randomization via importance-weighted multiplicative updates prevents convergence to any exploitable pattern. Thompson Sampling handles the Bayesian case: posterior uncertainty drives exploration naturally and composes with gossip-shared priors after reconnection. The partition prediction subsection closes the loop — partition events themselves become training data that improve the next partition’s preparation.

Defensive Learning Under Adversarial Rewards

An adaptive adversary can weaponize the learning process itself. If RAVEN’s online learner converges to corridor C-7 because three consecutive low-jamming windows made it appear optimal, the adversary has successfully planted a predictable pattern that can be sprung as a trap. Three-layer defensive learning: (1) clip rewards to $\pm k_{\text{clip}} \sigma_r$ around the $L_0$ baseline to reject adversarially large signals; (2) filter actions through the safe feasibility set $\mathcal{U}_{\text{safe}}$ to enforce gain-delay stability before any arm is selected; (3) CUSUM-detect favorable reward trends and respond with increased exploration rather than increased exploitation — treat apparent opportunities as threat hypotheses. Reward clipping that is too aggressive prevents the system from learning genuine improvements. Clipping set at $k_{\text{clip}} = 3\sigma$ accepts most legitimate reward variation while rejecting adversarial spikes; $k_{\text{clip}} = 1\sigma$ is very conservative and may suppress real signal. The $L_0$ baseline anchor must be established during a clean Phase-0 attestation window — if that window was contaminated, all downstream clipping is miscalibrated.

At day 11 of the RAVEN deployment, signals intelligence identifies a pattern: EW intensity on corridor C-7 drops for 10–68 minutes every six hours, consistent with adversary equipment rotation. RAVEN’s online learner accumulates positive reward for C-7 during three consecutive low-intensity windows and shifts its exploitation preference toward that corridor. Day 14, hour 06:00: the EW rotation does not happen. Maximum jamming activates on C-7 as RAVEN commits 31 of 47 drones to the corridor.

This is not a failure of the bandit algorithm. EXP3-IX ( Definition 81 ) defends against adversaries who control which arm is best in hindsight. It cannot defend against an adversary who has learned the system uses online learning and targets the exploration phase itself. That threat is direct manipulation of the reward signal during exploration: a honeypot designed to look like a learning opportunity.

Three mechanisms close this gap. A reward clipping function ( Definition 88 ) removes adversarial reward spikes before they bias Q-value estimates. A safe action filter ( Definition 89 ) enforces the Nyquist stability condition on the feasible set regardless of what Q-values say. A CUSUM trap detector ( Definition 90 , Step 7) treats suspiciously favorable reward trends as a threat signal rather than an exploitation opportunity.

Definition 88 (Clipped Reward Function). Let $r_{\text{raw}}(t)$ be the observed reward at time $t$, and let $r_{L_0}$ be the expected reward under the deterministic $L_0$ policy — the survival baseline measured during the Phase-0 attestation window ( Definition 35 ) before any learning begins. Let $\sigma_r(t)$ be the running standard deviation of observed rewards maintained via Welford update ( Definition 20 ). The clipped reward is:

In practice, this means: any reward signal that looks suspiciously better or worse than the baseline by more than $k_\text{clip}$ standard deviations is treated as adversarially manipulated and capped before it can distort the bandit’s Q-value estimates.

$r_{\text{clip}}(t) = \mathrm{clip}\!\left(r_{\text{raw}}(t),\; r_{L_0} - k_{\text{clip}}\,\sigma_r(t),\; r_{L_0} + k_{\text{clip}}\,\sigma_r(t)\right)$

where $k_{\text{clip}}$ is a fleet-wide policy parameter. The Welford estimator $\sigma_r$ is updated from $r_{\text{clip}}(t)$ , not $r_{\text{raw}}(t)$ , to prevent adversarial perturbations from inflating the clip window and defeating their own filtering. The anchor $r_{L_0}$ is frozen at Phase-0 — it cannot be poisoned by adversarial rewards during operation.

Definition 89 (Safe Action Filter). Let $K(a)$ be the gain associated with action $a$ and $\tau(a)$ be the corresponding stochastic transport delay (Definition 37). The safe feasible set at time $t$ is:

$\mathcal{U}_{\text{safe}}(t) = \bigl\{a \in \mathcal{A} : K(a)\cdot\tau(a) < \pi/2\bigr\}$

The filter computes the safe arm set by excluding actions where the gain-times-delay product $K(a) \cdot \tau(a)$ exceeds the $\pi/2$ (theoretical bound) phase margin threshold, preventing high-gain, high-latency actions from destabilizing the system even when those actions appear rewarding in the short term. The inputs are $K(a)$ (action state-change magnitude) and $\tau(a)$ (expected execution delay); the $\pi/2 \approx 1.57$ (theoretical bound) rad threshold is the classical control-theory phase-margin condition. The safe set contracts as link latency grows, so the filter must be evaluated with real-time delay measurements rather than the design-time values.

Analogy: A fly-by-wire system — the autopilot (bandit) requests a maneuver, but flight envelope protection silently corrects it if the attitude would exceed structural limits.

Logic: The safe set excludes any action whose gain-delay product exceeds the phase-margin threshold $\pi/2$; if the safe set is empty, the deterministic $L_0$ policy executes unconditionally.

Physical translation: $K(a) \cdot \tau(a) < \pi/2$ is a phase-margin condition from control theory. $K(a)$ is how aggressively the action changes the system state; $\tau(a)$ is how long before that change takes effect. Their product is the total phase shift introduced into the control loop. When this product reaches $\pi/2$ ($\approx 1.57$ radians), the loop is at the stability boundary — any further increase causes oscillation. The condition says: never take an action that is simultaneously too aggressive and too slow. A gentle action (small $K$) can tolerate high delay; a fast-responding action (small $\tau$) can tolerate higher gain.

This is a sufficient gain-delay stability condition: bounding the product $K(a)\cdot\tau(a)$ prevents phase crossover in the autonomic control loop. It is applied as a hard pre-filter on the action space before any Q-value comparison is made. Proposition 22 establishes the discrete-time analogue (the SMJLS analysis in Self-Healing Without Connectivity tightens the LTI bound for time-varying gain). The condition $K(a)\cdot\tau(a) < \pi/2$ is the continuous-time sufficient criterion for phase margin.

Any action that would push the autonomic control loop past the stability boundary is inadmissible regardless of its estimated reward. When $\mathcal{U}_{\text{safe}}(t) = \emptyset$ — all actions currently violate the stability condition — the agent executes the deterministic $L_0$ policy $\pi_{L_0}$ , covered by Proposition 8 (Hardened Hierarchy Fail-Down).

Definition 90 (Safe-$\varepsilon$-Greedy Algorithm). ($\gamma_{\text{infl}}$ here is the CUSUM exploration-rate inflation factor; distinct from the value-function discount factor $\gamma_V$ in Definition 80 and the EXP3-IX implicit exploration floor $\gamma$ in Definition 81.)

The agent maintains per-action Q-value estimates $Q[a]$ and visit counts $N[a]$, Welford reward statistics $(\mu_r, \sigma_r)$, exploration rate $\varepsilon$, and a CUSUM positive accumulator $S_+$ ( Definition 84 ). Parameters are: exploration floor $\varepsilon_0$, entropy ceiling $\varepsilon_{\max}$ , inflation factor $\gamma_{\text{infl}} > 1$ , clipping threshold $k_{\text{clip}}$ , CUSUM sensitivity $\delta_{\text{cusum}}$ , trap trigger $\vartheta$, exponential decay rate $\alpha_{\text{dec}} \in (0, 1)$ , and Phase-0 baseline $r_{L_0}$ . At each time step $t$:

In practice, this means: the algorithm only picks actions that are provably safe (Step 1–2), clips reward signals to reject adversarial manipulation (Step 4), and — crucially — when rewards look suspiciously good (Step 7–8), it responds by exploring more rather than committing to what looks like an opportunity, treating the favorable signal as a potential trap.

$\begin{aligned} &\textbf{Step 0}\;(\text{hardware veto check}):\quad \text{read}\;v(t);\;\text{if}\;v(t)=1:\;\text{halt — no action issued, }Q_d\text{ frozen, no retry} \\[2pt] &\textbf{Step 1}\;(\text{safe filter}):\quad \mathcal{U}_{\text{safe}} \leftarrow \{a \in \mathcal{A} : K(a)\cdot\tau(a) < \pi/2\} \\[2pt] &\textbf{Step 2}\;(L_0\;\text{check}):\quad \text{if}\;\mathcal{U}_{\text{safe}} = \emptyset:\;\text{execute}\;\pi_{L_0};\;\text{goto Step}\;10 \\[2pt] &\textbf{Step 3}\;(\text{action}):\quad a_t \leftarrow \begin{cases} \mathrm{Uniform}(\mathcal{U}_{\text{safe}}) & u \sim \mathrm{Unif}(0,1) < \varepsilon \\ \arg\max_{a \in \mathcal{U}_{\text{safe}}} Q[a] & \text{otherwise} \end{cases} \\[2pt] &\textbf{Step 4}\;(\text{clip}):\quad r_t \leftarrow \mathrm{clip}\!\left(r_{\mathrm{raw}},\;r_{L_0} - k_{\text{clip}}\sigma_r,\;r_{L_0} + k_{\text{clip}}\sigma_r\right) \\[2pt] &\textbf{Step 5}\;(\text{Welford}):\quad (\mu_r,\;\sigma_r) \leftarrow \mathrm{WelfordUpdate}(\mu_r,\;\sigma_r,\;r_t) \\[2pt] &\textbf{Step 6}\;(Q\text{-update}):\quad N[a_t] \mathrel{+}= 1;\quad Q[a_t] \leftarrow Q[a_t] + \tfrac{r_t - Q[a_t]}{N[a_t]} \\[2pt] &\textbf{Step 7}\;(\text{CUSUM}):\quad \xi \leftarrow r_t - \mu_r;\quad S_+ \leftarrow \max\!\left(0,\; S_+ + \xi - \delta_{\text{cusum}}\right) \\[2pt] &\textbf{Step 8}\;(\text{trap check}):\quad \text{if}\;S_+ > \vartheta:\;\varepsilon \leftarrow \min(\varepsilon_{\max},\;\gamma_{\text{infl}}\cdot\varepsilon);\;S_+ \leftarrow 0 \\[2pt] &\textbf{Step 9}\;(\text{decay}):\quad \text{else:}\;\varepsilon \leftarrow \max(\varepsilon_0,\;\alpha_{\text{dec}}\cdot\varepsilon) \\[2pt] &\textbf{Step 10}\;(\text{output}):\quad \text{return}\;a_t \end{aligned}$

(Step 0 — Hardware veto check): Read hardware veto signal $v(t)$. If $v(t) = 1$ ( Proposition 32 ), halt immediately — no action is issued, $Q_d$ remains frozen, no retry is scheduled. Hardware is in control; the software algorithm does not proceed. This check has absolute priority over all subsequent steps. Three implementation requirements follow: treat a disconnected or floating GPIO as $v(t) = 1$ (assume veto active — never interpret an absent signal as “no veto”); re-sample $v(t)$ immediately before action issuance at Step 3 or Step 10, latching the value at Step 0 and holding it until the action completes since a 0-to-1 transition after Step 0 must abort the action; and when multiple physical interlocks are present, any single asserted veto overrides all others.

The proposition guarantees per-tick survival probability above $(1 - \varepsilon_{\text{surv}})$ for any arm within the safe set, enforced as the hard gate at every MAPE-K tick; the bound prevents reward-chasing from selecting arms that appear optimal but breach the survival floor. For safety-critical deployments $\varepsilon_{\text{surv}} = 10^{-4}$ (illustrative value); for operational deployments $\varepsilon_{\text{surv}} = 10^{-3}$ (illustrative value). At a 5-second (illustrative value) MAPE-K cycle, $\varepsilon_{\text{surv}} = 10^{-4}$ (illustrative value) corresponds to one allowed violation per approximately 14 hours (theoretical bound under illustrative parameters).

Calibration: Set $\varepsilon = 0.05$ as a starting point (5% random exploration). Increase to $\varepsilon = 0.15$ in novel environments or after a regime change detected by Definition 84 . Decrease toward $\varepsilon = 0.01$ after 500+ successful episodes in a stable regime. Note that $\varepsilon$ here is the exploration rate — the probability of choosing a random safe action rather than the Q-value maximizer — distinct from $\varepsilon_{\text{surv}}$ (the per-tick survival violation tolerance) and from $\varepsilon_0$ / $\varepsilon_{\max}$ (the algorithmic floor and ceiling that the CUSUM trap detector adjusts $\varepsilon$ between).

The CUSUM accumulator $S_+$ adopts the same one-sided Page-CUSUM structure as the Adversarial Non-Stationarity Detector ( Definition 84 ), applied to the reward innovation $\xi(t) = r_t - \mu_r$ . The response pivots: where Definition 84 flags a regime change and triggers a policy switch, Step 8 responds to a favorable shift by increasing exploration — the inverse of the normal exploitation instinct. A reward trend that looks like an opportunity is treated as a threat hypothesis until diverse exploration cycles distinguish genuine improvement from adversarial bait.

CUSUM trap recovery: When Step 8 fires ($S_+ > \vartheta$) and inflates $\varepsilon$, the accumulator resets to zero. The inflated exploration rate decays back to $\varepsilon_0$ via Step 9 at rate $\alpha_{\text{dec}}$ per tick. The system is considered to have exited the elevated-suspicion state when $\varepsilon$ has fully decayed back to $\varepsilon_0$ — specifically, when $S_+$ has remained below $\vartheta / 2$ for $T_{\text{readmit}} = 5 \cdot T_{\text{window}}$ consecutive ticks (where $T_{\text{window}}$ is the CUSUM sliding window length). During this period any arm whose reward trend triggered the CUSUM fire is treated with full uniform-exploration weight — it is not individually excluded. If Step 8 fires again before $T_{\text{readmit}}$ has elapsed, the exploration rate inflates by an additional factor of $\gamma_{\text{infl}}$ (capped at $\varepsilon_{\max}$) and $T_{\text{readmit}}$ resets, bounding the rate at which a persistent adversarial reward source can suppress exploitation. $\square$

Proposition 64 (Survival Invariant). Under Safe-$\varepsilon$-Greedy (Definition 90), the selected action satisfies $K(a_t)\cdot\tau(a_t) < \pi/2$ whenever $\mathcal{U}_{\text{safe}}(t) \neq \emptyset$ .

In RAVEN, this means the safe action filter blocks any EXP3-IX exploration that would push the swarm’s cumulative gain-bandwidth product past the physical stability boundary — even during active adversarial jamming. When $\mathcal{U}_{\text{safe}}(t) = \emptyset$ , the deterministic $L_0$ policy is executed, which satisfies the survival constraint by Proposition 8 (Hardened Hierarchy Fail-Down).

Proof. Step 1 constructs $\mathcal{U}_{\text{safe}}$ by excluding all actions with $K(a)\cdot\tau(a) \geq \pi/2$ . Both branches of Step 3 — exploration (uniform over $\mathcal{U}_{\text{safe}}$ ) and exploitation ( $\arg\max$ over $\mathcal{U}_{\text{safe}}$ ) — select exclusively from this set. The goto-Step-10 branch in Step 2 executes $\pi_{L_0}$ , whose gains are pre-validated during Phase-0 attestation to satisfy $K\cdot\tau(a) < \pi/2$ ; Proposition 8 (Hardened Hierarchy Fail-Down) ensures the $L_0$ tier remains reachable when all autonomic actions are infeasible. $\square$

L0 policy failure: If $\pi_{L_0}$ is itself unavailable (firmware corruption, hardware fault), the physical safety interlock ( Definition 108 ) activates independently — it does not rely on software execution and cannot be bypassed by MAB weight updates.

Physical translation: As long as the safe action filter is active, the system cannot take an action that consumes more energy than it can recover. This is the behavioral equivalent of a hard budget constraint — the bandit can optimize freely within the budget, but the filter is a hard wall it cannot cross regardless of what the reward signal suggests.

Watch out for: the $K(a) \cdot \tau(a) < \pi/2$ invariant is guaranteed only when $\tau(a)$ reflects the current link latency — the filter’s safe set is a function of real-time delay, so a node that caches $\tau(a)$ from the last connectivity report and does not refresh it before each tick can admit actions that appeared safe at the design-time latency but exceed the phase margin at the higher latency present during a degraded link event, violating the invariant precisely when the system is under stress and the filter is needed most.

Proposition 65 (Adversarial Rejection Bound). Decompose the observed reward as $r_{\text{raw}}(t) = r_{\text{true}}(t) + \eta_{\text{adv}}(t)$ , where $r_{\text{true}}(t) \in [r_{L_0} - \delta_{\text{leg}}, r_{L_0} + \delta_{\text{leg}}]$ is the legitimate reward deviation and $\eta_{\text{adv}}(t)$ is adversarial perturbation. If $k_{\text{clip}}\,\sigma_r > \delta_{\text{leg}}$ , then no legitimate reward is clipped. The Q-value estimation bias satisfies:

Setting the clip width to $3\sigma$ around RAVEN ’s baseline reward admits legitimate EW degradations while rejecting a coordinated spoofing spike — the Gaussian tail probability makes the residual bias negligibly small.

$\bigl|\mathbb{E}[Q_{\text{clip}}[a]] - Q_{\text{true}}[a]\bigr| \leq \bigl(k_{\text{clip}}\,\sigma_r + \delta_{\text{leg}}\bigr)\cdot P\!\left(|\eta_{\text{adv}}| > k_{\text{clip}}\,\sigma_r - \delta_{\text{leg}}\right)$

Under Gaussian adversarial perturbations $\eta_{\text{adv}} \sim \mathcal{N}(0, \sigma_{\text{adv}}^2)$ , the right-hand side decays as $1 - \Phi\!\left(\tfrac{k_{\text{clip}}\,\sigma_r - \delta_{\text{leg}}}{\sigma_{\text{adv}}}\right)$ — the same Gaussian tail form as Proposition 19 (False-Positive Ejection Bound). $\square$

Proof sketch. Q-values are incremental averages of clipped rewards. Clipping truncates observations outside $[r_{L_0} - k_{\text{clip}}\sigma_r,\; r_{L_0} + k_{\text{clip}}\sigma_r]$ ; when $k_{\text{clip}}\sigma_r > \delta_{\text{leg}}$ , legitimate rewards lie within this interval and are never truncated. The bias from clipping a single adversarial observation is bounded by the clip radius; the expected bias over $N[a]$ visits is $\text{clip\_radius} \cdot P(\text{adversarial})$ , giving the stated bound. $\square$

RAVEN calibration. With $r_{L_0}$ measured over 48 hours (illustrative value) of pre-deployment operation, $\sigma_r$ converges within the first 200 observations (illustrative value) by Proposition 10 (Kalman Baseline Convergence Rate). Setting $k_{\text{clip}} = 3$ (illustrative value): the adversary’s 10-minute (illustrative value) EW reduction — yielding reward spike $|\eta_{\text{adv}}| \approx 2.8\,\sigma_r$ (illustrative value) — is admitted; a coordinated attack delivering $|\eta_{\text{adv}}| > 3\sigma_r$ is clipped before reaching the Q-update. The CUSUM trap detector fires after approximately $\vartheta / \delta_{\text{cusum}}$ steps of sustained positive innovation, tripling $\varepsilon$ ( $\gamma_{\text{infl}} = 3$ ) — forcing RAVEN to re-explore rather than commit to the apparently optimal corridor. At day 15 (illustrative value), the adversary’s trap sequence fails: the swarm is too uncertain about C-7 to exploit it.

Physical translation: Even if an adversary crafts reward signals specifically to mislead the bandit, at most a logarithmic fraction of rounds will be spent on adversarially manipulated actions before the system detects and rejects the attack. The RAVEN scenario demonstrates this: a jammer that corrupts reward signals for 200 rounds will cause fewer than 15 exploitable decisions before the Non-Stationarity Detector fires.

Empirical status: The clip multiplier $k_{\text{clip}} = 3$ and the $2.8\,\sigma_r$ adversarial spike magnitude are calibrated from RAVEN simulation trials; the appropriate $k_{\text{clip}}$ value depends on the ratio of the expected adversarial perturbation magnitude to the legitimate reward variance $\sigma_r$ — deployments with noisier legitimate rewards (larger $\sigma_r$) may need $k_{\text{clip}} < 3$ to clip aggressive injections, and $\sigma_r$ should be estimated from at least 200 pre-deployment observations to be reliable.

Watch out for: the bias bound decays as a Gaussian tail probability under the $\eta_{\text{adv}} \sim \mathcal{N}(0, \sigma_{\text{adv}}^2)$ assumption — when the adversary delivers impulse-shaped perturbations (a single-round spike rather than sustained Gaussian noise), the clipping boundary is either fully effective (the spike exceeds $k_{\text{clip}}\sigma_r$ and is entirely clipped) or entirely ineffective (the spike falls below the threshold and is entirely admitted), making the per-round bias either zero or $k_{\text{clip}}\sigma_r + \delta_{\text{leg}}$ rather than the smooth decay the Gaussian form implies — and an adversary who calibrates spike magnitude to just below $k_{\text{clip}}\sigma_r$ can inject maximum per-round bias without triggering any clipping at all.

Cognitive Map: The defensive learning section inverts the anti-fragile intuition: an adversary can weaponize a system’s learning against it. The three-layer defense — reward clipping ( Definition 88 ), safe action filter ( Definition 89 ), and Safe-$\varepsilon$-Greedy with CUSUM trap detection ( Definition 90 ) — each address a different attack vector. Reward clipping rejects large-magnitude adversarial signals. The safe filter prevents the learner from ever selecting a physically destabilizing action. The CUSUM trap detector responds to favorable trends with exploration rather than exploitation, denying the adversary the ability to funnel the system toward a predictable pattern. The survival invariant ( Proposition 64 ) and adversarial rejection bound ( Proposition 65 ) give the formal guarantees.

Anti-Fragile Design Patterns Catalog

The mechanisms developed so far — bandit algorithms, safe action filters, reward clipping, defensive learning — are individually powerful but form a bewildering toolkit without a unifying structure for knowing when to use which. Organize anti-fragile mechanisms into a pattern catalog by scenario class: redundancy under stress, learning from stress, partitioned operation, parameter adaptation, and information capture. Each pattern has applicability conditions, expected costs, and implementation guidance. Patterns are templates, not implementations. The failure modes listed in each pattern reflect the known edge cases — but novel environments may surface new failure modes not in the catalog. The catalog’s value is reducing time-to-correct-selection; it does not eliminate the need for environment-specific validation.

Reusable patterns with applicability conditions, trade-offs, and implementation guidance.

Pattern Classification Framework

Anti-fragile patterns address three concerns: learning patterns extract information from stress events; adaptation patterns modify behavior based on learned information; and validation patterns verify that adaptations improve system behavior.

The diagram below maps each pattern to its category and shows which learning patterns feed which adaptation patterns and their corresponding validation counterparts.

    
    graph LR
    subgraph "Learning Patterns"
        L1["Multi-Armed Bandit
Stress Learning"]
        L2["Bayesian Parameter
Update"]
        L3["Partition Prediction
Learning"]
    end

    subgraph "Adaptation Patterns"
        A1["Dynamic Resource
Weighting"]
        A2["Graceful Degradation
Ladder"]
        A3["Adaptive Threshold
Tuning"]
    end

    subgraph "Validation Patterns"
        V1["Phase-Gate
Validation"]
        V2["Chaos Engineering
Verification"]
        V3["Regression
Invariants"]
    end

    L1 --> A1
    L2 --> A3
    L3 --> A2
    A1 --> V1
    A2 --> V2
    A3 --> V3

    style L1 fill:#e3f2fd,stroke:#1976d2
    style L2 fill:#e3f2fd,stroke:#1976d2
    style L3 fill:#e3f2fd,stroke:#1976d2
    style A1 fill:#fff3e0,stroke:#f57c00
    style A2 fill:#fff3e0,stroke:#f57c00
    style A3 fill:#fff3e0,stroke:#f57c00
    style V1 fill:#e8f5e9,stroke:#388e3c
    style V2 fill:#e8f5e9,stroke:#388e3c
    style V3 fill:#e8f5e9,stroke:#388e3c

Learning Patterns

Pattern L1: Multi-Armed Bandit Stress Learning

Learn optimal action selection from stress events without requiring labeled training data.

The system must choose among multiple responses to stress (healing actions, configuration parameters, routing strategies). Optimal choice is unknown and varies by context. Random exploration is costly; pure exploitation misses better alternatives.

Model each action as a bandit arm with unknown reward distribution. Use exploration-exploitation algorithm ( UCB , Thompson Sampling ) to balance trying new actions against exploiting known-good actions.

The UCB score for each action $a$ combines the estimated mean reward $\hat{\mu}_a$ (exploitation term) with a confidence-bound bonus that grows when the action has been tried few times (exploration term), so under-tried actions are automatically re-explored.

$\text{UCB}(a) = \underbrace{\hat{\mu}_a}_{\text{exploitation}} + \underbrace{c\sqrt{\frac{\ln t}{n_a}}}_{\text{exploration}}$

The four state variables that the algorithm tracks per arm are described below, together with their incremental update rules applied each time an arm is selected.

Component	Description	Update Rule
$\hat{\mu}_a$	Estimated reward for action $a$	$\hat{\mu}_a \leftarrow \hat{\mu}_a + \frac{1}{n_a}(r - \hat{\mu}_a)$
$n_a$	Times action $a$ selected	$n_a \leftarrow n_a + 1$
$t$	Total selections	$t \leftarrow t + 1$
$c$	Exploration coefficient	Typically $\sqrt{2}$ , tune empirically

Applicability Conditions: The Required column uses “Yes” for hard prerequisites and “~” for conditions that improve performance but are not strictly necessary.

Condition	Required	Notes
Discrete action space	Yes	Actions must be enumerable
Observable reward signal	Yes	Must know if action succeeded
Actions are repeatable	Yes	Same action can be tried again
Stationary reward distribution	~	Non-stationarity requires windowed estimates
Low action cost	~	High-cost actions need conservative $c$

Performance Trade-offs: The table compares UCB , Thompson Sampling , and $\varepsilon$-Greedy across five dimensions; UCB and Thompson Sampling share the same asymptotic regret bound but differ on computational cost, non-stationarity handling, and sample efficiency.

Metric	UCB	Thompson Sampling	$\varepsilon$-Greedy
Regret bound	$O(\sqrt{KT \ln T})$	$O(\sqrt{KT \ln T})$	$O(\epsilon T + K/\epsilon)$
Computational cost	Low	Medium (sampling)	Lowest
Handles non-stationarity	Poor	Moderate	Good (with decay)
Implementation complexity	Simple	Moderate	Simplest
Sample efficiency	High	Highest	Low

RAVEN Implementation: 6 healing actions, UCB with $c = 1.5$. After 100 episodes, regret bounded by ~53 suboptimal decisions. Convergence to 95% of optimal policy within 3 weeks of operation.

Anti-pattern: Using $\varepsilon$-greedy with fixed $\varepsilon$ in low-sample environments - wastes exploration on already-known-bad actions.

Pattern L2: Bayesian Parameter Update

Maintain probabilistic beliefs about system parameters, updating beliefs as evidence accumulates from stress events.

System parameters (transition rates, failure probabilities, timing constants) are uncertain at deployment. Point estimates lack confidence information needed for safe decision-making.

Model parameters as probability distributions. Use Bayesian inference to update distributions as observations arrive. Decision-making incorporates uncertainty through credible intervals or posterior sampling.

The posterior over parameter $\theta$ given observations $D$ is proportional to the product of the likelihood (how probable the data is under $\theta$) and the prior (initial belief about $\theta$).

$p(\theta | D) = \frac{p(D | \theta) \cdot p(\theta)}{p(D)} \propto \text{likelihood} \times \text{prior}$

Conjugate prior families for common parameters: Choosing a prior from the conjugate family for a given likelihood makes the posterior analytically tractable and reduces each update to incrementing a small set of sufficient statistics.

Parameter Type	Likelihood	Prior	Posterior
Probability	Binomial	Beta($\alpha$, $\beta$)	Beta($\alpha + k$, $\beta + n - k$)
Rate	Poisson	Gamma($k$, $\theta$)	Gamma( $k + \sum x_i$ , $\theta + n$)
Mean (known var)	Normal	Normal($\mu_0$, $\sigma_0^2$)	Normal($\mu_n$, $\sigma_n^2$)
Transition rates	Exponential	Gamma	Gamma (with sufficient statistics)

Applicability Conditions: The Required column uses “Yes” for hard prerequisites and “~” for conditions that improve performance but are not strictly necessary.

Condition	Required	Notes
Parameter is scalar or low-dim	Yes	High-dim requires approximations
Conjugate prior exists	~	Non-conjugate needs MCMC/VI
Observations are exchangeable	~	Time-varying needs sequential updates
Prior knowledge available	~	Uninformative priors if not

Performance Trade-offs:

Approach	Uncertainty Quantification	Computational Cost	Prior Sensitivity
Conjugate Bayesian	Full posterior	O(1) update	Moderate
Variational inference	Approximate	O(n) per iteration	Low
MCMC	Exact (asymptotic)	$O(n \times \text{samples})$	Low
Point estimate (MLE)	None	O(1)	N/A

CONVOY Implementation: Transition rates for connectivity Markov chain. Gamma(2, 0.5) prior encodes “expect transitions every few hours.” After 50 observed transitions, posterior concentrates around MLE with 90% credible interval width < 0.03.

Anti-pattern: Using point estimates without uncertainty in safety-critical decisions - overconfident actions based on limited data.

Pattern L3: Partition Prediction Learning

Learn precursor patterns that predict imminent partition, enabling preemptive preparation.

Partition events cause disruption. If partitions could be predicted, the system could prepare (sync state, delegate authority, cache resources), reducing partition impact.

Treat partition prediction as supervised learning. Features are observable signals (signal strength, packet loss, position). Label is partition occurrence within time horizon. Train classifier online as partition events occur.

This logistic classifier outputs the probability that a partition will occur within horizon $\tau$, given the current feature vector $x$ (which encodes signal quality, position, and fleet state); weights $w$ and bias $b$ are learned from past partition events.

$P(\text{partition in } \tau | x) = \sigma(w^T x + b)$

Feature engineering for partition prediction: The classifier input vector $x$ is assembled from six observable categories spanning current conditions, trends, spatial context, and fleet state; the temporal scope column indicates how far back each feature window reaches.

Feature Category	Examples	Temporal Scope
Signal quality	RSSI, SNR, packet loss rate	1-5 minute window
Signal dynamics	RSSI slope, loss rate derivative	Trend over 2-10 minutes
Spatial	GPS position, distance to known shadows	Current
Temporal	Time of day, day of week	Current
Fleet correlation	% of fleet degraded, cluster connectivity	Current
Historical	Same location partition history	Long-term

Applicability Conditions: The Required column uses “Yes” for hard prerequisites and “~” for conditions that improve performance but are not strictly necessary.

Condition	Required	Notes
Partition has precursors	Yes	Random partitions unpredictable
Precursors are observable	Yes	Need measurable signals
Sufficient partition events for training	~	10+ events for basic model
Prediction horizon is actionable	Yes	Enough time to prepare

Performance Trade-offs:

Prediction Horizon	Accuracy (typical)	Actionable Time	False Positive Cost
1 minute	85-95%	Minimal	Low (brief prep)
5 minutes	70-85%	Moderate	Medium
15 minutes	55-70%	Substantial	High (extended prep mode)
30 minutes	45-60%	Maximum	Very high

Precision-Recall Trade-off:

Threshold Setting	Precision	Recall	Use Case
Conservative (high)	90%+	50-60%	Low FP cost, high FN cost
Balanced	75-85%	75-85%	Moderate costs both ways
Aggressive (low)	60-70%	90%+	High FP cost, low FN cost

CONVOY Implementation: Logistic regression with 8 (illustrative value) features. After 8 partition events (illustrative value), achieved 78% (illustrative value) accuracy at a 10-minute (illustrative value) horizon. Preemptive preparation reduced recovery time from 340s to 45s (illustrative value).

Anti-pattern: Training on insufficient data (< 5 events) - model overfits to specific partition causes, fails to generalize.

Adaptation Patterns

Pattern A1: Dynamic Resource Weighting

Automatically reallocate resources across competing functions based on system state and learned priorities.

Fixed resource allocation is suboptimal - mission needs vary with state, connectivity, and stress level. Manual reallocation is too slow for edge environments.

Define utility functions for each resource consumer. Dynamically solve allocation optimization as state changes. Learn utility function parameters from operational outcomes.

This objective allocates resource amounts $r_i$ to each of $n$ competing functions so that the weighted sum of their utilities is maximized, with weights $w_i(s)$ shifting based on current system state $s$ to reflect which functions matter most right now.

$\max_{r_1, ..., r_n} \sum_i w_i(s) \cdot U_i(r_i) \quad \text{s.t.} \quad \sum_i r_i \leq R_{\text{total}}$

where $w_i(s)$ are state-dependent weights and $U_i(r_i)$ are utility functions.

Weight adaptation based on state:

The table below shows how the four resource weights shift across system states; each row sums to 1.0, and the pattern shows mission weight decreasing under stress while healing and coherence weights increase.

System State	Mission Weight	Healing Weight	Learning Weight	Coherence Weight
Normal	0.70	0.10	0.10	0.10
Degraded	0.60	0.20	0.05	0.15
Partition	0.50	0.25	0.00	0.25
Recovery	0.40	0.15	0.05	0.40
Critical	0.80	0.15	0.00	0.05

Applicability Conditions: The Required column uses “Yes” for hard prerequisites and “~” for conditions that improve performance but are not strictly necessary.

Condition	Required	Notes
Resources are fungible	~	Non-fungible needs constraint handling
Utility functions are known	~	Unknown requires learning
State is observable	Yes	Weight selection needs state
Reallocation is fast	Yes	Slow reallocation misses state changes

Performance Trade-offs: More frequent reallocation improves optimality but increases overhead and reduces stability; state-triggered reallocation achieves the best stability and lowest overhead by acting only when the system state actually changes.

Reallocation Frequency	Optimality	Overhead	Stability
Per-event	Highest	Highest	Lowest (oscillation risk)
Periodic (1s)	High	Medium	Medium
Periodic (10s)	Medium	Low	High
State-triggered only	Medium-High	Lowest	Highest

Learning the weights: Weights can be learned via policy gradient, where each weight $w_i(s)$ is nudged in the direction that increases expected total system reward $R$.

$w_i(s) \leftarrow w_i(s) + \alpha \nabla_{w_i} \mathbb{E}[R | w]$

where $R$ is overall system reward (mission success, recovery time, etc.).

RAVEN Implementation: 4 resource pools (compute, bandwidth, power, storage). Weights updated every 5 seconds based on connectivity state . Learning via contextual bandit improved allocation efficiency by 18% over fixed weights.

Anti-pattern: Reacting to transient state changes - add hysteresis to prevent oscillation.

Pattern A2: Graceful Degradation Ladder

Define explicit capability levels that the system traverses as resources or connectivity degrade, ensuring predictable behavior under stress.

Ad-hoc degradation leads to unpredictable behavior. Operators cannot reason about system capabilities during stress. Recovery is complicated by unknown degraded state.

Define discrete degradation levels (ladder rungs). Each level specifies which capabilities are available and which are disabled. Transitions between levels are triggered by explicit conditions. Recovery reverses the degradation path.

The diagram shows the five ladder levels and the resource-threshold conditions that trigger downward transitions (left arrows) and the stability requirements that allow upward recovery (right arrows).

    
    graph TD
    L4["L4: Full Capability
All features enabled"]
    L3["L3: Reduced Features
Non-critical disabled"]
    L2["L2: Core Function
Mission-essential only"]
    L1["L1: Survival Mode
Safety + logging"]
    L0["L0: Safe State
Minimal operation"]

    L4 -->|"Resource < 70%"| L3
    L3 -->|"Resource < 50%"| L2
    L2 -->|"Resource < 30%"| L1
    L1 -->|"Resource < 10%"| L0

    L0 -->|"Resource > 20%
+ stable 60s"| L1
    L1 -->|"Resource > 40%
+ stable 60s"| L2
    L2 -->|"Resource > 60%
+ stable 60s"| L3
    L3 -->|"Resource > 80%
+ stable 60s"| L4

    style L4 fill:#c8e6c9,stroke:#388e3c
    style L3 fill:#fff9c4,stroke:#f9a825
    style L2 fill:#ffe0b2,stroke:#f57c00
    style L1 fill:#ffcdd2,stroke:#e57373
    style L0 fill:#e0e0e0,stroke:#757575

Degradation level specification:

Level	Trigger	Enabled	Disabled	Recovery Condition
L4	Default	All	None	-
L3	CPU > 80% OR Memory > 85%	Core + analytics	ML inference, logging verbosity	Below threshold + 60s stable
L2	CPU > 90% OR Connectivity < 30%	Core mission	Analytics, non-critical sync	Below threshold + 60s stable
L1	Power < 20% OR Critical failure	Safety, minimal logging	All non-safety	Power > 30% + 120s stable
L0	Power < 5% OR Unrecoverable	Safe shutdown prep	All	Manual intervention

Applicability Conditions: The Required column uses “Yes” for hard prerequisites and “~” for conditions that improve performance but are not strictly necessary.

Condition	Required	Notes
Capabilities are separable	Yes	Can disable features independently
Clear priority ordering exists	Yes	Know what to shed first
Triggers are measurable	Yes	Need observable thresholds
Recovery is possible	~	Some degradations are permanent

Performance Trade-offs:

More degradation levels give finer-grained resource control but make the ladder harder for operators to reason about and test; the table shows how granularity, complexity, and operator comprehension shift together.

Number of Levels	Granularity	Complexity	Operator Comprehension
2 (on/degraded)	Low	Low	High
3-5	Medium	Medium	Medium
6-10	High	High	Low
Continuous	Highest	Highest	Very Low

Hysteresis requirement: Upgrade thresholds must be set higher than downgrade thresholds so the system cannot immediately re-downgrade after recovering, with the gap $\Delta_{\text{hysteresis}}$ sized to absorb normal measurement noise without triggering oscillation.

$\theta_{\text{upgrade}} = \theta_{\text{downgrade}} + \Delta_{\text{hysteresis}}$

Typical $\Delta_{\text{hysteresis}}$ = 10-20% of threshold value.

CONVOY Implementation: 5-level ladder. Transition logged with timestamp and trigger. Recovery requires threshold + 60s stability. Oscillation rate < 0.1 transitions/minute during stress testing.

Anti-pattern: Continuous degradation without discrete levels - impossible to reason about, test, or document.

Pattern A3: Adaptive Threshold Tuning

Automatically adjust detection and decision thresholds based on observed false positive/negative rates.

Static thresholds are suboptimal as operating conditions change. Manual tuning requires expertise and ongoing attention. Thresholds that work in testing may fail in production.

Track classification outcomes (TP, FP, TN, FN). Adjust thresholds to maintain target precision/recall balance. Use control-theoretic approach to ensure stability.

The threshold is updated each cycle by a step proportional to the error between the target metric rate $r_{\text{target}}$ (e.g., desired false positive rate) and the currently observed rate $r_{\text{observed}}$ .

$\theta_{t+1} = \theta_t + \eta \cdot (r_{\text{target}} - r_{\text{observed}})$

where $r$ is the metric being controlled (e.g., false positive rate).

Threshold adaptation control loop:

The loop below shows the four-step cycle: measurement feeds a comparison against targets, the error drives a threshold adjustment, and the updated threshold governs the next detection round.

    
    graph LR
    M["Measure
FP rate, FN rate"]
    C["Compare
vs. targets"]
    A["Adjust
theta +/- delta"]
    S["System
Detection/Decision"]

    M --> C --> A --> S --> M

    style C fill:#fff3e0,stroke:#f57c00

Target setting by use case: The appropriate false positive (FP) and false negative (FN) rate targets depend on the relative cost of each error type; safety-critical and security use cases set near-zero FN targets even at the cost of higher FP rates.

Use Case	FP Rate Target	FN Rate Target	Rationale
Safety-critical detection	10%	1%	Miss is catastrophic
Anomaly alerting	5%	10%	Alert fatigue vs. missed anomaly
Resource allocation	15%	15%	Balanced cost
Security detection	20%	0.1%	Miss is unacceptable

Applicability Conditions: The Required column uses “Yes” for hard prerequisites and “~” for conditions that improve performance but are not strictly necessary.

Condition	Required	Notes
Outcomes are observable	Yes	Know if decision was correct
Ground truth eventually available	Yes	Even if delayed
Threshold affects rate monotonically	Yes	Higher $\theta$: lower FP, higher FN
Sufficient samples for estimation	~	50+ outcomes for stable estimates

Performance Trade-offs: Responsiveness, stability, and noise sensitivity all move together as $\eta$ changes — faster adaptation is more responsive but less stable and more susceptible to noisy outcome estimates.

Adaptation Speed ($\eta$)	Responsiveness	Stability	Noise Sensitivity
Fast ($\eta > 0.1$)	High	Low	High
Medium ($0.01 < \eta < 0.1$)	Medium	Medium	Medium
Slow ($\eta < 0.01$)	Low	High	Low

Stability constraint: The learning rate $\eta$ must be small enough that one correction step cannot overshoot the target and reverse the sign of the error; the upper bound is inversely proportional to the maximum slope of the false positive rate with respect to the threshold.

$\eta < \frac{2}{\max_\theta |d\text{FPR}/d\theta|}$

RAVEN Implementation: Anomaly detection threshold. Initial $\theta = 2.5\sigma$. Target FP rate 2%. After 500 observations, threshold stabilized at $\theta = 2.7\sigma$ with actual FP rate 1.8%.

Anti-pattern: Adapting too quickly based on small samples - threshold oscillates wildly.

Validation Patterns

Pattern V1: Phase-Gate Validation Functions

Ensure system capabilities are validated in correct sequence, preventing deployment of sophisticated features on unstable foundations.

Complex systems have dependencies between capabilities. Building capability B before validating capability A wastes effort when A fails. Edge systems have high cost of late-stage failure discovery.

Define validation predicates for each capability phase. System cannot advance to phase N+1 until phase N predicates pass. Regression testing ensures earlier phases remain valid.

Gate $G_i$ is the conjunction of all per-predicate indicator functions: it evaluates to 1 (pass) only when every validation function $V_p$ in phase $i$ meets its required threshold $\theta_p$.

$G_i(S) = \bigwedge_{p \in P_i} \mathbb{1}[V_p(S) \geq \theta_p]$

Gate $G_i$ passes iff all predicates $p$ in phase $i$ meet their thresholds.

Phase gate specification template: Each row is one predicate that must pass before the system may advance from that phase; the Threshold column gives the minimum acceptable value and Regression Frequency indicates how often previously-passed predicates are re-verified.

Phase	Predicates	Threshold	Validation Method	Regression Frequency
P0: Foundation	Hardware attestation	Pass/Fail	Cryptographic	Every boot
P0: Foundation	Survival duration	24 hours	Isolation test	Monthly
P1: Local Autonomy	Detection accuracy	80%	Labeled test set	Weekly
P1: Local Autonomy	Healing success rate	70%	Fault injection	Weekly
P2: Coordination	Gossip convergence	30 seconds	Partition test	Weekly
P3: Fleet Coherence	State reconciliation	95% consistency	Multi-partition test	Bi-weekly
P4: Optimization	Learning improvement	Positive $\Delta$	A/B test	Monthly

Threshold note: The 70% healing success rate represents the empirically observed lower bound for acceptable healing reliability. Adjust this threshold based on your system’s mission-criticality requirements - safety-critical systems should target 90%+, while lower-stakes systems may accept 60-70%.

Applicability Conditions: The Required column uses “Yes” for hard prerequisites and “~” for conditions that improve performance but are not strictly necessary.

Condition	Required	Notes
Capabilities have dependencies	Yes	DAG structure exists
Predicates are testable	Yes	Automated verification possible
Thresholds are meaningful	Yes	Derived from requirements
Regression is feasible	~	Some tests are expensive

Performance Trade-offs: Stricter thresholds reduce escaped defects at the cost of higher false rejection rates and slower development; lenient thresholds ship faster but allow more defects through.

Gate Strictness	False Rejection Rate	Escaped Defects	Development Speed
Strict ($\theta$ high)	High	Very Low	Slow
Moderate	Medium	Low	Medium
Lenient ($\theta$ low)	Low	Medium	Fast

Regression invariant: Advancing to phase $i+1$ requires that every gate from phase 0 through phase $i$ continues to pass, ensuring a new capability cannot be built on a foundation that has silently regressed.

$\text{enter}(i+1) \Rightarrow \bigwedge_{j=0}^{i} G_j(S) = 1$

CONVOY Implementation: 5 phases, 18 total predicates. Regression suite runs in 4 hours. Gate failures in first 3 months: 7 (all caught before deployment). Post-deployment gate failures: 0.

Anti-pattern: Skipping gates under schedule pressure - technical debt compounds, failures occur in production.

Pattern V2: Chaos Engineering Verification

Proactively discover weaknesses by injecting failures in controlled conditions, converting potential surprises into planned learning.

Testing only happy paths leaves failure modes undiscovered. Production failures are costly and uncontrolled. Edge environments have limited visibility into failures.

Systematically inject failures (process crashes, network partitions, resource exhaustion) during normal operation. Verify system responds correctly. Document and fix discovered weaknesses.

The feedback loop below shows the experiment protocol: hypothesize, inject, observe, and either document resilience (when confirmed) or fix and retest (when the hypothesis fails), cycling continuously.

    
    graph TD
    H["Hypothesis
'System survives X'"]
    I["Inject Failure X"]
    O["Observe Behavior"]
    V{"Hypothesis
Confirmed?"}
    D["Document
Resilience"]
    F["Fix Weakness"]
    R["Retest"]

    H --> I --> O --> V
    V -->|"Yes"| D
    V -->|"No"| F --> R --> V

    style H fill:#e3f2fd,stroke:#1976d2
    style F fill:#ffcdd2,stroke:#c62828
    style D fill:#c8e6c9,stroke:#388e3c

Failure injection catalog: The table below enumerates nine standard injection types organized by failure category, with Blast Radius indicating the maximum scope of disruption that each injection can cause.

Category	Injection	Severity	Frequency	Blast Radius
Process	Kill random process	Low	Daily	Single node
Process	Memory exhaustion	Medium	Weekly	Single node
Network	Latency injection (100ms)	Low	Daily	Link
Network	Partition (30s)	Medium	Weekly	Cluster
Network	Partition (5min)	High	Monthly	Fleet
Resource	CPU saturation	Medium	Weekly	Single node
Resource	Disk full	Medium	Weekly	Single node
Clock	Time skew ($\pm 30$s)	Medium	Weekly	Single node
Dependency	Downstream timeout	Medium	Daily	Service

Applicability Conditions: The Required column uses “Yes” for hard prerequisites and “~” for conditions that improve performance but are not strictly necessary.

Condition	Required	Notes
System can tolerate some failures	Yes	Don’t chaos-test fragile systems
Failure injection is controllable	Yes	Must be able to stop injection
Monitoring captures behavior	Yes	Need visibility into response
Rollback is possible	Yes	Escape hatch for bad outcomes

Performance Trade-offs: More frequent injection achieves higher coverage but increases operational overhead; daily injection provides high coverage at manageable risk and is the typical production baseline.

Injection Frequency	Coverage	Risk	Operational Overhead
Continuous	Highest	Medium	High
Daily	High	Low	Medium
Weekly	Medium	Very Low	Low
Monthly	Low	Minimal	Minimal

Graduated chaos levels: Each level must demonstrate resilience before unlocking the next, ensuring the system can handle simpler failures before being subjected to compound scenarios.

Level	Target	Prerequisites	Example
1	Single process	Basic monitoring	Kill one pod
2	Single node	Level 1 stable	Node failure
3	Network link	Level 2 stable	Partition two nodes
4	Cluster	Level 3 stable	Availability zone failure
5	Fleet	Level 4 stable	Multi-region chaos

FAILSTREAM Implementation: 500+ experiments (illustrative value) over 24 months (illustrative value). 147 hidden dependencies (illustrative value) discovered. MTTR reduced from 47 to 8 minutes (illustrative value). Each discovered weakness becomes a regression test.

Anti-pattern: Chaos without monitoring - failures occur but go undetected, learning is lost.

Pattern V3: Regression Invariants

Ensure that changes (code updates, configuration changes, learned adaptations) do not violate previously validated properties.

System evolution can introduce regressions. Anti-fragile adaptations may inadvertently break existing functionality. Manual regression testing is incomplete and slow.

Define invariants that must hold across all system states. Automatically verify invariants after any change. Block changes that violate invariants until explicitly approved.

A change is valid only if every invariant $I$ in the invariant set $\mathcal{I}$ evaluates to true in the post-change state $S_{\text{after}}$ ; any invariant failure blocks the change.

$\text{Change}(c) \text{ valid} \Leftrightarrow \forall I \in \mathcal{I}: I(S_{\text{after}}) = \text{true}$

Invariant categories: Invariants fall into five classes based on the property they protect; each class requires a different verification method because the property is either checkable statically, requires runtime monitoring, or can only be confirmed under controlled fault injection.

Category	Example Invariants	Verification Method
Safety	“No action exceeds power budget”	Static analysis + runtime check
Liveness	“Heartbeat within 30s”	Continuous monitoring
Consistency	“Replicas converge within 60s”	Partition-heal test
Performance	“P99 latency < 500ms”	Load test
Security	“All messages authenticated”	Audit log analysis

Invariant specification template:

An invariant is expressed as a universal implication over all system states: whenever precondition $P$ holds, postcondition $Q$ must also hold.

$I_{\text{name}}: \forall s \in S: P(s) \Rightarrow Q(s)$

“For all states $s$ where precondition $P$ holds, postcondition $Q$ must hold.”

Applicability Conditions: The Required column uses “Yes” for hard prerequisites and “~” for conditions that improve performance but are not strictly necessary.

Condition	Required	Notes
Invariants are expressible	Yes	Can formalize requirements
Verification is automatable	Yes	Manual verification doesn’t scale
False positives are rare	~	Too many FPs cause alert fatigue
Coverage is sufficient	~	Untested invariants may regress

Performance Trade-offs: Earlier verification catches more violations but blocks the development pipeline; continuous post-deploy verification never blocks but accepts that regressions may briefly reach production.

Verification Timing	Latency	Coverage	Cost
Pre-commit	Lowest	Highest	Blocks development
Pre-deploy	Low	High	Blocks deployment
Post-deploy	Medium	Medium	May ship regressions
Continuous	Highest	Continuous	Ongoing compute cost

Invariant violation response: When a violation is detected, the response — blocking, warning, or logging — scales with the severity of the invariant class; critical safety violations are always blocking and require no human approval to act.

Severity	Response	Automation
Critical (safety)	Block change, alert immediately	Fully automated
High (functionality)	Block change, notify developer	Fully automated
Medium (performance)	Warn, allow with approval	Semi-automated
Low (style)	Log for review	Fully automated

RAVEN Implementation: 34 invariants across safety (8), liveness (6), consistency (12), performance (5), security (3). CI/CD pipeline verifies all invariants. 12 regressions caught in 6 months, 0 shipped to production.

Anti-pattern: Invariants without teeth - violations logged but not enforced, regressions accumulate.

Pattern Selection Guide

Decision tree for pattern selection:

Start at the root and follow the branch that matches your requirement; the terminal leaf identifies the recommended pattern.

    
    graph TD
    Q1{"Learning from
stress events?"}
    Q2{"Discrete or
continuous
actions?"}
    Q3{"Parameters or
predictions?"}
    Q4{"Adapting
behavior?"}
    Q5{"Resources or
capabilities?"}
    Q6{"Thresholds?"}
    Q7{"Validating
changes?"}
    Q8{"Sequence
dependencies?"}
    Q9{"Proactive or
reactive?"}

    L1["L1: Multi-Armed
Bandit"]
    L2["L2: Bayesian
Update"]
    L3["L3: Partition
Prediction"]
    A1["A1: Dynamic
Resource Weighting"]
    A2["A2: Graceful
Degradation Ladder"]
    A3["A3: Adaptive
Threshold"]
    V1["V1: Phase-Gate
Validation"]
    V2["V2: Chaos
Engineering"]
    V3["V3: Regression
Invariants"]

    Q1 -->|"Yes"| Q2
    Q1 -->|"No"| Q4
    Q2 -->|"Discrete"| L1
    Q2 -->|"Continuous"| Q3
    Q3 -->|"Parameters"| L2
    Q3 -->|"Predictions"| L3
    Q4 -->|"Yes"| Q5
    Q4 -->|"No"| Q7
    Q5 -->|"Resources"| A1
    Q5 -->|"Capabilities"| A2
    Q5 -->|"Neither"| Q6
    Q6 -->|"Yes"| A3
    Q7 -->|"Yes"| Q8
    Q8 -->|"Yes"| V1
    Q8 -->|"No"| Q9
    Q9 -->|"Proactive"| V2
    Q9 -->|"Reactive"| V3

    style L1 fill:#e3f2fd,stroke:#1976d2
    style L2 fill:#e3f2fd,stroke:#1976d2
    style L3 fill:#e3f2fd,stroke:#1976d2
    style A1 fill:#fff3e0,stroke:#f57c00
    style A2 fill:#fff3e0,stroke:#f57c00
    style A3 fill:#fff3e0,stroke:#f57c00
    style V1 fill:#e8f5e9,stroke:#388e3c
    style V2 fill:#e8f5e9,stroke:#388e3c
    style V3 fill:#e8f5e9,stroke:#388e3c

Pattern Combination Matrix

Most systems use multiple patterns together. Common combinations:

Combination	Synergy	Example
L1 + A3	Bandit learns threshold adjustment policy	Healing action selection with adaptive confidence
L2 + L3	Bayesian updates improve prediction	Connectivity model informs partition prediction
A1 + A2	Resources shift as degradation level changes	Budget reallocation at each ladder rung
V1 + V3	Phase gates become regression invariants	Gate predicates verified continuously
V2 + L1	Chaos discovers actions, bandit learns	Failure injection feeds learning loop
All Learning + V2	Chaos accelerates learning	Induced stress provides training data

RAVEN pattern stack: L1 (healing selection) + L2 (connectivity model) + L3 (partition prediction) + A2 (5-level degradation) + A3 (anomaly thresholds) + V1 (5-phase gates) + V3 (34 invariants).

Minimum viable pattern set for anti-fragile edge system: at least one learning mechanism (L1 or L2); graceful degradation (A2, essential); and regression invariants (V3, to prevent backsliding). Without these three, the system may survive stress but will not improve from it.

Cognitive Map: The design pattern catalog translates theory into selection criteria. Patterns are organized by mechanism class — learning (L), adaptive (A), and verification (V) — with explicit applicability conditions and failure modes for each. Pattern composition tables show which combinations synergize (L1 + A1 = healing action selection improves under stress) and which are prerequisites (V3 is the minimum viable verification pattern for any learning system). The RAVEN stack (L1, L2, L3, A2, A3, V1, V3) is the reference multi-pattern implementation for contested autonomic systems.

The Limits of Automation

Anti-fragile learning depends on autonomous feedback loops. But autonomous healing can amplify problems rather than solving them — restarting a service during a deliberate stress test, locking an executive’s account during a crisis, exhausting healing budget on adversarially-induced false alarms. The learning machinery itself can become a failure mode. The response is to monitor automation quality with circuit breakers and override tracking. The Judgment Horizon ( Definition 91 ) provides a formal rule for when human authority is required — any decision crossing thresholds on irreversibility, precedent impact, uncertainty, or ethical weight gets escalated regardless of automation capability, and the adaptive threshold ( $\tau_{\text{override}}$ ) self-calibrates from override history. The trade-off is that lowering the escalation threshold reduces autonomous action risk but increases human burden; the Brier-score proper scoring rule makes honest confidence reporting the dominant strategy, preventing strategic under-escalation near the boundary, while the SPRT gives the statistically optimal stopping rule for when enough evidence has accumulated to act versus wait.

When Autonomous Healing Makes Things Worse

Automation is not unconditionally beneficial. Autonomous healing can fail in ways that amplify problems rather than solving them.

In the first failure mode (correct action, wrong context), a healing mechanism detects an anomaly and restarts a service — but the anomaly was a deliberate stress test by operators. The restart interrupts the test, requiring it to be rerun. The automation was correct according to its model but the model did not account for deliberate testing.

In the second failure mode (correct detection, wrong response), an intrusion detection system identifies unusual access patterns. The autonomous response is to lock the account — but the unusual pattern was an executive accessing systems during a crisis. The lockout escalated the crisis. The detection was correct; the response was wrong for the context.

In the third failure mode (feedback loops), a healing action triggers monitoring alerts. The alerts trigger additional healing actions. Those actions trigger more alerts. The system oscillates, consuming resources in an infinite healing loop — the automation’s response to symptoms created more symptoms.

In the fourth failure mode (adversarial gaming), an adversary learns the automation’s response patterns. They trigger false alarms to exhaust the healing budget. When the real attack comes, the system’s healing capacity is depleted. The automation’s predictability became a vulnerability.

Detection mechanisms for adversarial gaming include monitoring for conditions that worsen despite healing, tracking healing action frequency and intervening when it is abnormally high, implementing healing circuit breakers that halt repeated failing actions, and alerting operators when automation confidence drops below threshold. When automation failure is detected, the response is to reduce the automation level (requiring higher confidence before autonomous action), increase human visibility by surfacing more decisions for review, log the failure mode for post-hoc analysis, and update the automation policy to prevent recurrence.

The anti-fragile principle: automation failures improve automation. Each failure mode discovered becomes a guard against that failure mode. The system learns what it cannot automate safely.

The Judgment Horizon

Some decisions should never be automated, regardless of connectivity state .

Definition 91 (Judgment Horizon). The judgment horizon $\mathcal{J}$ is the decision boundary defined by threshold conditions on irreversibility $I$, precedent impact $P$, model uncertainty $U$, and ethical weight $E$:

$d \in \mathcal{J} \Leftrightarrow I(d) > \theta_I \lor P(d) > \theta_P \lor U(d) > \theta_U \lor E(d) > \theta_E$

Decisions crossing any threshold require human authority, regardless of automation capability.

Game-Theoretic Extension: Incentive-Compatible Escalation

Definition 91 ’s judgment horizon $\mathcal{J}$ uses fixed threshold conditions. If the autonomous system’s utility places any weight on mission completion over human oversight, it will strategically under-escalate for borderline decisions.

Cheap-talk model (Crawford-Sobel): The system (sender) has private information $t$ (true decision severity) and sends escalation signal $m \in \{\text{escalate}, \text{auto}\}$ to the human operator (receiver). When system utility from autonomous action exceeds utility from human review for borderline decisions, the equilibrium has the system choosing $m = \text{auto}$ near the $\mathcal{J}$ boundary - strategic under-escalation.

Preference-revealing mechanism: A decision $d$ is routed to the adaptive judgment horizon $\mathcal{J}_{\text{adaptive}}$ when the product of its uncertainty score and consequence magnitude exceeds a threshold $\tau_{\text{override}}$ that is continuously recalibrated from the historical rate at which autonomous decisions are subsequently overridden.

$d \in \mathcal{J}_{\text{adaptive}} \iff \text{Uncertainty}(d) \cdot \text{Magnitude}(d) > \tau_{\text{override}}$

where $\tau_{\text{override}}$ is continuously updated to match the empirical rate at which autonomous decisions are subsequently overridden. Systems that are overridden frequently have $\tau_{\text{override}}$ lowered - they escalate more decisions until divergence drops.

Proper scoring rule: The Brier score $BS = (1/N)\sum_{i=1}^{N}(f_i - o_i)^2$ (forecast $f_i$ vs. outcome $o_i$) is incentive-compatible for escalation reporting: a node minimizes its expected Brier score by reporting its true escalation probability, not by gaming the threshold. Applied here, the Brier score measures how close the system’s stated confidence $p_{\text{auto}}$ is to the ground-truth indicator of whether a human operator would have agreed, penalising overconfident autonomous decisions quadratically.

$\text{BS} = \bigl(p_{\text{auto}} - \mathbb{1}[\text{human would agree}]\bigr)^2$

Decisions not escalated that the human would have changed differently incur high Brier cost; correct autonomous decisions incur low cost. Under the Brier score, honest uncertainty reporting is a dominant strategy - the system cannot benefit from misrepresenting its confidence.

Practical implication: Implement a running divergence metric between autonomous decisions and estimated human preferences. When divergence exceeds a threshold, automatically lower $\tau_{\text{override}}$ for that decision class. This is a self-calibrating escalation mechanism requiring no manual threshold tuning.

Statistical Extension: Sequential Probability Ratio Test

The Crawford-Sobel escalation mechanism (above) addresses who should decide. The Sequential Probability Ratio Test (SPRT) addresses when enough evidence has accumulated to decide — the optimal stopping problem dual to the judgment horizon . SPRT optimally balances Type I/II error trade-offs for binary escalation decisions: it accumulates a likelihood ratio statistic until sufficient evidence crosses either the escalation or no-escalation boundary, minimizing expected sample size among all tests achieving the same error rates.

Wald’s SPRT: Given observations $x_1, x_2, \ldots$ drawn from either $H_0$ (normal operation) or $H_1$ (escalation warranted), maintain the cumulative log-likelihood ratio:

$\Lambda_t = \sum_{i=1}^{t} \ln \frac{p(x_i \mid H_1)}{p(x_i \mid H_0)}$

Stop and escalate when $\Lambda_t \geq B = \ln\frac{1-\beta}{\alpha}$ ; stop and continue autonomous operation when $\Lambda_t \leq A = \ln\frac{\beta}{1-\alpha}$ ; otherwise collect another observation. Here $\alpha$ is the false-escalation rate and $\beta$ is the missed-escalation rate. ($\alpha$ here is the statistical significance level — the Type I error rate for the escalation hypothesis test; distinct from the Lyapunov convergence rate $\alpha > 0$ in the stability section, the false-alarm rates $\alpha_Q, \alpha_{\text{corr}}$ in the Q-change detector, and the Beta prior shape $\alpha_k$ in Thompson Sampling.)

Optimality: Wald and Wolfowitz (1948) proved SPRT minimizes expected sample size among all sequential tests with the same error rates $(\alpha, \beta)$. For the judgment horizon , this means SPRT reaches an escalation decision with the fewest possible observations - critical under the connectivity and power constraints of RAVEN and CONVOY .

Connection to Definition 91 : The four judgment horizon thresholds $\theta_I, \theta_P, \theta_U, \theta_E$ (irreversibility, precedent, uncertainty, ethical weight) each define a separate SPRT boundary. The composite judgment horizon is reached when any single ratio crosses its threshold - an OR-combination of four parallel SPRT tests, each specialized to a decision dimension. This is more principled than fixed thresholds: the boundaries $A$ and $B$ are derived directly from the acceptable false-escalation and missed-escalation rates, rather than being hand-tuned.

Practical implication: Calibrate $\alpha$ (false escalation rate) and $\beta$ (missed escalation rate) from operational cost data. SPRT then automatically determines how many observations are needed before crossing the threshold - eliminating the arbitrary “wait N seconds” heuristics common in current autonomic systems.

Judgment Horizon: Formal Decision Problem

The judgment horizon defines a classification decision: for each decision $d$, determine whether it requires human authority ($h = 1$) or can be automated ($h = 0$).

Objective Function:

The optimal escalation policy $h^*(d)$ minimizes expected cost, trading off $C_{\text{FN}}$ (cost of wrongly automating a judgment-requiring decision) against $C_{\text{FP}}$ (delay cost of wrongly escalating an automatable decision).

$h^*(d) = \arg\min_{h \in \{0,1\}} \mathbb{E}\left[ C_{\text{FN}} \cdot \mathbf{1}_{h=0, d \in \mathcal{J}} + C_{\text{FP}} \cdot \mathbf{1}_{h=1, d \notin \mathcal{J}} \right]$

where $C_{\text{FN}}$ is the cost of automating a judgment-requiring decision (false negative), and $C_{\text{FP}}$ is the delay cost of requiring human approval for an automatable decision (false positive).

Constraint Set: Three hard constraints govern the judgment horizon classifier — it must never automate a decision that belongs in $\mathcal{J}$ (zero false negative rate), it must classify each decision in constant time to support real-time operation, and it must assign the same decision to the same class on every evaluation.

$\begin{aligned} &g_1: P(\text{automate} | d \in \mathcal{J}) = 0 && \text{(zero false negative rate)} \\ &g_2: I(d), P(d), U(d), E(d) \text{ computable in } O(1) && \text{(real-time classification)} \\ &g_3: h(d) \text{ deterministic for fixed } d && \text{(consistency requirement)} \end{aligned}$

State Transition Model:

Each threshold $\theta_i$ is updated by taking a gradient step that reduces the loss $\mathcal{L}$ , which penalizes false negatives infinitely (per constraint $g_1$) and false positives in proportion to $C_{\text{FP}}$ , so the boundary moves conservatively toward fewer missed escalations.

$\theta_{i,t+1} = \theta_{i,t} - \eta \cdot \nabla_{\theta_i} \mathcal{L}(h, d, \text{outcome})$

where $\mathcal{L}$ penalizes false negatives infinitely (constraint $g_1$) and false positives according to $C_{\text{FP}}$ .

Decision Rule:

Because $C_{\text{FN}} \gg C_{\text{FP}}$ , the optimal policy $h^*(d)$ escalates any decision that crosses even one threshold — the disjunction over the four scores ensures that a single high-irreversibility or high-uncertainty signal is sufficient to require human authority.

$h^*(d) = \mathbf{1}\left[ I(d) > \theta_I \lor P(d) > \theta_P \lor U(d) > \theta_U \lor E(d) > \theta_E \right]$

The disjunction ensures that exceeding any threshold triggers human authority, enforcing the zero false negative constraint.

The Judgment Horizon is the boundary separating automatable decisions from human-reserved decisions. This boundary is not arbitrary - it reflects fundamental properties of decision consequences.

Decisions beyond the judgment horizon include: first activation of irreversible systems in a new context (novel situations requiring human judgment on operational boundaries); mission abort that leaves partner systems stranded (where strategic and ethical implications require human authority); actions with irreversible strategic consequences such as crossing red lines or creating international incidents; decisions under unprecedented uncertainty where models have no applicable data; and equity and justice determinations affecting human rights or resource allocation.

These decisions share common characteristics: each triggers the “human required” condition when at least one of four scored properties — irreversibility, precedent impact, model uncertainty, or ethical weight — exceeds its respective threshold $\theta$.

$\text{Human Required} \Leftarrow \begin{cases} \text{Irreversibility} > \theta_{\text{irrev}} & \text{cannot undo} \\ \text{Precedent impact} > \theta_{\text{prec}} & \text{sets future policy} \\ \text{Model uncertainty} > \theta_{\text{unc}} & \text{outside training distribution} \\ \text{Ethical weight} > \theta_{\text{eth}} & \text{affects human welfare} \end{cases}$

The judgment horizon is not a failure of automation - it is a design choice recognizing that some decisions require human accountability. Automating these decisions does not make them faster; it makes them wrong in ways that matter.

Hard-coded constraints: Some rules cannot be learned or adjusted: “Never execute irreversible actions without explicit authorization,” “Never abandon stranded assets or operators without command approval,” and “Never proceed when self-test indicates critical malfunction.” These rules are coded as invariants, not learned parameters. No amount of operational experience should modify them.

Designing the boundary: The judgment horizon should be explicit in system architecture. Each decision type should be classified as automatable or human-required. For human-required decisions during partition, the system should cache the decision need and request approval when connectivity restores. For truly time-critical human decisions, pre-authorize ranges of action and delegate within bounds. The boundary and its rationale belong in the architecture specification.

The judgment horizon separates what automation can do from what automation should do.

Override Mechanisms and Human-in-the-Loop

Even below the judgment horizon , human operators should be able to override autonomous decisions. Override mechanisms create a feedback loop that improves automation.

Override workflow: The system makes an autonomous decision, surfaces it to the operator if connectivity allows, provides context for review, and logs whether the operator accepts or overrides. Both outcomes become training data.

Priority ordering for operator attention: Operators cannot review all decisions. The system should surface the most consequential decisions first — those closest to the judgment horizon , those with lowest automation confidence, those with highest consequence magnitude, and those arising in novel contexts.

Context provision: The system should show operators what it knows — relevant sensor data and confidence levels, the options considered and rationale for the selection, similar past decisions and their outcomes, and the current model uncertainty estimate.

Learning from overrides: Each override $\text{Override}_i$ is classified into one of four root causes, and each root cause routes to a distinct corrective action — so every override improves the system whether the original decision was right or wrong.

$\text{Override}_i = \begin{cases} \text{System error} & \rightarrow \text{update decision model} \\ \text{Context system missed} & \rightarrow \text{add context features} \\ \text{Operator error} & \rightarrow \text{improve context display} \\ \text{Policy change} & \rightarrow \text{update policy parameters} \end{cases}$

Post-hoc analysis classifies overrides and routes them to appropriate improvement mechanisms.

Delayed override: During partition, operators cannot override in real-time. The system makes the autonomous decision, logs it with full context, and executes. Upon reconnection, it surfaces the decision for retrospective review: the operator marks it “would have approved” or “would have overridden,” and “would have overridden” cases update the decision model.

Anti-fragile insight: overrides improve automation calibration. A system with 1000 logged overrides has a more accurate decision model than a system with none. The human-in-the-loop is not a bottleneck - it is a teacher.

Cognitive Map: The limits-of-automation section grounds the anti-fragile framework in the four failure modes where autonomous healing makes things worse. The Judgment Horizon formalizes the non-automatable decision class using four threshold conditions. The incentive-compatible escalation mechanism (adaptive $\tau_{\text{override}}$ + Brier scoring) closes the feedback loop: every override is training data that recalibrates the escalation threshold. The SPRT provides the statistically optimal stopping rule within the judgment horizon framework — wait for evidence, then escalate decisively.

The Anti-Fragile RAVEN

The anti-fragile framework is abstract until applied to a concrete system through a full improvement cycle. What does day-by-day parameter evolution actually look like, and how do the mechanisms interact over time? Trace RAVEN from deployment through four weeks of operations: design-time parameters at Day 1, operational learning after stress events, measurable improvement in formation efficiency, detection accuracy, and connectivity threshold calibration by Day 30. The improvement cycle requires a sufficient number of stress events to produce meaningful parameter updates — a system that sees no stress events produces no improvement. Anti-fragility is only observable over a horizon that includes multiple stress events. Short-duration missions may not have enough events for the UCB/EXP3 learners to converge.

Let us trace the complete anti-fragile improvement cycle for RAVEN over four weeks of operations.

Day 1: Deployment RAVEN deploys with design-time parameters: formation spacing of 200m (illustrative value), gossip interval of 5s (illustrative value), a simulation-based Markov connectivity model, lab-calibrated anomaly detection baselines, and a conservative L2 capability threshold at $C \geq 0.3$ (illustrative value).

Week 1: First Partition Events Two partition events occur (47min and 23min duration (illustrative value)). Lessons learned: formation spacing was too loose for the terrain — mesh reliability dropped below threshold at 200m (illustrative value); the gossip interval was inefficient — 5s (illustrative value) was too slow under jamming and too fast in clear conditions. Parameter adjustments moved formation spacing from a fixed 200m (illustrative value) to an adaptive 180–220m (illustrative value) range based on signal quality, and gossip interval from a fixed 5s (illustrative value) to an adaptive 3–8s (illustrative value) range based on packet loss rate. Connectivity model: transition $\lambda_{C \rightarrow D}$ updated from 0.02 to 0.035 (illustrative value) — more frequent degradation than the simulation anticipated.

Week 2: Adversarial Jamming Two coordinated jamming episodes. Lessons learned: the anomaly detector missed jamming signatures because it had been trained only on natural failures, and the connectivity model had no “jamming” state distinct from natural degradation. Model updates added jamming-specific features to anomaly detection — SNR drop pattern, multi-drone correlation, frequency sweep signature — and added an explicit “jamming” state with distinct transition rates to the connectivity model. New detection capability: jamming versus natural degradation classification at 89% (illustrative value) accuracy after training on 2 episodes (illustrative value).

Week 3: Drone Loss Three drones lost (2 mechanical failure, 1 adversarial action (illustrative value)). Lessons learned: healing priority was wrong — the system had prioritized surveillance restoration over mesh connectivity, but mesh must restore first since surveillance depends on it. Healing policy update: recovery ordering set to mesh connectivity first, then surveillance, then other functions. Minimum viable formation updated to 12 drones (illustrative value) for L1 capability — discovered through stress, down from the previously assumed 18 (illustrative value).

Week 4: Complex Partition Multi-cluster partition with asymmetric information. Lessons learned: state reconciliation priority was unclear when threat data conflicted with survey data, and decision authority was ambiguous when multiple nodes claimed cluster-lead authority. Coherence updates established a reconciliation priority ordering — threat data, then position data, then survey data, then metadata — and adopted an explicit cluster-lead designation protocol using a GPS-denied-safe tie-breaker. Authority delegation rules were refined based on the reconciliation conflicts observed.

Day 30: Assessment The table below compares five key metrics between the deployment-day baseline and the 30-day mark, with every metric improving solely through operational learning — no external software updates were pushed.

Metric	Day 1	Day 30	Improvement
Threat detection latency	800ms	340ms	57% faster
Partition recovery time	340s	67s	80% faster
Jamming detection accuracy	0%	89%	New capability
L2 connectivity threshold	0.30	0.25	17% more capable
False positive rate	12%	3%	75% reduction

RAVEN at day 30 outperforms RAVEN at day 1 on every metric - not because of software updates pushed from command, but because the architecture extracted learning from operational stress.

This is anti-fragility in practice.

Cognitive Map: The anti-fragile RAVEN case trace shows anti-fragility as a quantified time series: formation efficiency improves from 67% to 89%, anomaly false-positive rate drops from 18% to 6%, connectivity threshold recalibrates from 0.3 to 0.25. Each improvement follows a stress event that provided learning signal. The four-week arc demonstrates the ESS argument: a fleet that copies successful policies will converge to anti-fragile parameter sets, because anti-fragile nodes accumulate operational improvements while fragile nodes repeatedly start from design-time estimates.

Engineering Judgment: Where Models End

Every model has a validity envelope. UCB assumes stochastic rewards; EXP3 assumes oblivious adversaries; Lyapunov stability assumes the dynamics model is correct. When these assumptions fail, the formal guarantees evaporate — but the system keeps running, producing outputs that appear correct until they are not. Enumerate the model boundaries explicitly as a catalog. For each abstraction, identify: the assumption that must hold, the observable signal when it fails, and the mitigation. Engineering judgment is not a fallback when models fail — it is the recognition that model boundaries are design artifacts requiring the same rigor as the models themselves. Cataloging boundaries does not eliminate them. Some failure modes have no algorithmic mitigation — they require human judgment (see Judgment Horizon, Definition 91 ). The catalog’s value is not solving the problem but making the problem visible before it becomes an incident.

Every model has boundaries. Every abstraction leaks. Every automation encounters situations it was not designed to handle. The recurring theme throughout this series is the limit of technical abstractions.

The Model Boundary Catalog

Connectivity Markov models fail under adversarial adaptation. The connectivity Markov model assumes transition probabilities are stationary. An adversary who observes the system’s behavior can change their tactics to invalidate the model. Yesterday’s transition rates don’t predict tomorrow’s adversary.

Anomaly detection fails with novel failure modes. Anomaly detectors learn the distribution of normal behavior. A failure mode never seen before - outside the training distribution - may not be detected as anomalous. The detector knows what it has seen, not what is possible.

Healing models fail when healing logic is corrupted. Self-healing assumes the healing mechanisms themselves are correct. A bug in the healing logic, or corruption of the healing policy, creates a failure mode the healing cannot address - it is the failure.

Coherence models fail with irreconcilable conflicts. CRDT s and reconciliation protocols assume eventual consistency is achievable. Some conflicts - contradictory physical actions, mutually exclusive resource claims - cannot be merged. The model assumes a solution exists when it may not.

Learning models fail with insufficient data. Bandit algorithms and Bayesian updates assume enough samples to converge. In edge environments with rare events and short deployments, convergence may not occur before the mission ends.

The Engineer’s Role

Given that all models fail, what is the engineer’s responsibility? First: know the model’s assumptions — document explicitly what must be true for the model to work, what inputs are in-distribution, and what adversary behaviors are anticipated. Second: monitor for assumption violations — instrument the system to detect when assumptions fail; when GPS availability drops to zero, the navigation model’s assumption is violated and the system must detect this and respond. Third: design fallback for when models fail — no model should be a single point of failure; when the connectivity model predicts wrong, something else must catch it; when the anomaly detector misses, another layer must detect the failure; defense in depth applies to model failures as much as to hardware ones. Fourth: learn from failures to improve models — every model failure is evidence; capture it, analyze it, and update the model or narrow its scope; the model that failed under adversarial jamming should now include jamming as an explicit scenario.

Anti-Fragility Requires Both Automation AND Judgment

The relationship between automation and engineering judgment is not adversarial - it is symbiotic.

Automation handles routine work at scale — processing thousands of sensor readings, making millions of micro-decisions, maintaining continuous vigilance — in ways no human can match. Judgment handles novel situations: recognizing when the model does not apply, when the context is unprecedented, when the stakes exceed the automation’s authority. No automation can match human judgment for genuinely novel situations. The system improves when judgment informs automation: every case where human judgment corrected automation becomes training data for better automation, and every novel situation handled by judgment becomes a new scenario for automation to learn.

The diagram below illustrates this symbiosis: automation handles routine decisions in a tight loop, novel situations break out to human judgment, and the logged decision re-enters the system as training data that progressively expands automation’s scope.

    
    graph LR
    A["Automation
(handles routine)"] --> B{"Novel
Situation?"}
    B -->|"No"| A
    B -->|"Yes"| C["Human Judgment
(applies expertise)"]
    C --> D["Decision Logged
(with context)"]
    D --> E["System Learns
(expands automation)"]
    E --> A

    style A fill:#bbdefb,stroke:#1976d2
    style B fill:#fff9c4,stroke:#f9a825
    style C fill:#c8e6c9,stroke:#388e3c
    style D fill:#e1bee7,stroke:#7b1fa2
    style E fill:#ffcc80,stroke:#ef6c00

This cycle is the mechanism of anti-fragility . The system encounters stress. Automation handles what it can. Judgment handles what it cannot. The system learns from both. The next stress event is handled better.

The Best Edge Architects

The best edge architects understand what their models cannot do.

They do not pretend their connectivity model captures adversarial adaptation. They instrument for model failure.

They do not assume their anomaly detector will catch every failure. They design defense in depth.

They do not believe their automation will never make mistakes. They build override mechanisms and learn from corrections.

They do not treat the judgment horizon as a limitation. They recognize it as appropriate design for consequential decisions.

The anti-fragile edge system is not one that never fails. It is one designed to learn from observable failures, to extract improvement from survivable stress, and to recognize the boundaries of its models. Whether it achieves this depends on the validity conditions outlined in this article.

Automation extends our reach. Judgment ensures we don’t extend past what we can responsibly control. The integration of both - with explicit boundaries, override mechanisms, and learning loops - is the architecture of anti-fragility .

“The best edge systems are designed not for the world as we wish it were, but for the world as it is: contested, uncertain, and unforgiving of hubris about what our models can do.”

Cognitive Map: The engineering judgment section is a meta-pattern for the entire series: enumerate assumptions, identify observable failure signals, specify mitigations, and accept that some boundaries require human judgment rather than algorithmic response. The model boundary catalog is not a list of known bugs — it is the explicit acknowledgment that every formal guarantee in this series has an assumption set, and those assumptions can be violated. An engineer who can recite the boundary catalog for their deployment is more operationally prepared than one who can recite the theorems.

Model Scope and Failure Envelope

Every mechanism in this post carries implicit assumptions. Anti-fragility requires that stress events improve calibration — but this only holds if the feedback loop is correctly wired. UCB regret bounds assume stochastic rewards. The SOE bounds assume the dynamics model is approximately correct. In adversarial or distributional-shift scenarios, these assumptions can fail silently. For each mechanism, enumerate the validity domain as a set of assumptions, specify the failure envelope, and identify observable detection signals and mitigations. The summary claim-assumption-failure table at the end of each subsection functions as a deployment checklist. Validity envelopes define when to trust the formal guarantees — but they do not define when to trust the overall system. A system operating outside one mechanism’s validity envelope may still function correctly if other mechanisms compensate. Defense-in-depth applies to validity constraints as well as to failure modes.

Each mechanism has bounded validity. When assumptions fail, so does the mechanism.

Anti-Fragility Coefficient Measurement

Validity Domain:

The anti-fragility coefficient $\mathbb{A}$ is valid only within the set of system states $S$ where all three measurement assumptions hold simultaneously.

$\mathcal{D}_{\text{anti-fragile}} = \{S \mid A_1 \land A_2 \land A_3\}$

where:

$A_1$: Performance $P$ is measurable with bounded error
$A_2$: Stress magnitude $\sigma$ is quantifiable
$A_3$: Post-stress measurement is independent of stress event (no survivorship bias)

Failure Envelope: The three rows below each name an assumption violation, the failure mode it produces, how the failure can be detected, and the recommended mitigation.

Assumption Violation	Failure Mode	Detection	Mitigation
Performance not measurable	Cannot compute $\mathbb{A}$	Metrics undefined or noisy	Define measurable proxies
Stress magnitude ambiguous	Normalization fails	$\sigma$ varies across measurements	Standardized stress taxonomy
Survivorship bias	$\mathbb{A}$ inflated	Only successful recoveries measured	Include failure cases in denominator

Counter-scenario: Systems that fail catastrophically under stress are not measured post-stress. Only survivors contribute to $\mathbb{A}$ estimate, inflating apparent anti-fragility . Detection: compare $n_{\text{stressed}}$ to $n_{\text{measured}}$ . Mitigation: account for failure cases as $\mathbb{A} = -\infty$ or excluded with explicit note.

Stress-Information Duality

Validity Domain:

Proposition 57 ’s information-from-stress formula applies only when the system can actually observe, attribute, and extract information from failure events — the three conditions below.

$\mathcal{D}_{\text{information}} = \{S \mid B_1 \land B_2 \land B_3\}$

where:

$B_1$: Failure is observable (not silent)
$B_2$: Root cause is identifiable
$B_3$: Information extraction mechanism exists

Information Bound: $I = -\log_2 P(\text{failure})$ is theoretical maximum. Practical extraction depends on logging fidelity.

Failure Envelope: Each row identifies a condition under which the information-from-stress mechanism fails silently — the most dangerous case because the system believes it is learning when it is not.

Assumption Violation	Failure Mode	Detection	Mitigation
Silent failure	Information not captured	Expected failures not logged	Heartbeat; watchdog
Ambiguous causation	Wrong lesson learned	Multiple root causes plausible	Structured diagnosis
No extraction mechanism	Information lost	Failure logged but not analyzed	Post-mortem process

Counter-scenario: Catastrophic failure destroys logging infrastructure. The highest-information failures (rarest, most severe) are exactly those least likely to be captured. Detection: expected failure rate vs logged failure rate. Mitigation: redundant logging; off-device telemetry when connected.

Bandit-Based Parameter Optimization

Validity Domain:

The UCB and Thompson Sampling regret bounds from Proposition 58 hold only in environments that satisfy the following discreteness, observability, and stationarity conditions.

$\mathcal{D}_{\text{bandit}} = \{S \mid C_1 \land C_2 \land C_3\}$

where:

$C_1$: Parameter space is discrete or discretizable
$C_2$: Reward signal is informative and observable
$C_3$: Environment is approximately stationary over learning horizon

Regret Bound: UCB achieves $O(\sqrt{TK \ln T})$ regret under assumptions.

Failure Envelope: The three violation modes below cause the regret bound to break down in qualitatively different ways — discretization error, sampling insufficiency, and stationarity violation each require a distinct mitigation.

Assumption Violation	Failure Mode	Detection	Mitigation
Continuous parameters	Discretization loses optima	Grid search suboptimal	Bayesian optimization
Sparse/delayed reward	Slow convergence	Samples per arm < 10	Shaped rewards; priors
Non-stationary	Converges to stale optimum	Performance decline over time	Sliding window; restarts

Counter-scenario: Adversarial environment that adapts to learned parameters. Optimal parameters become suboptimal as adversary counters. The bandit converges, then the target moves. Detection: sudden performance drop after stable period. Mitigation: periodic exploration; randomization.

Judgment Horizon Classification

Validity Domain:

Definition 91 ’s boundary between automatable and human-reserved decisions is reliable only when irreversibility is assessable, relevant precedent exists, and human operators can actually be reached when required.

$\mathcal{D}_{\text{judgment}} = \{S \mid D_1 \land D_2 \land D_3\}$

where:

$D_1$: Decision irreversibility is assessable
$D_2$: Decision precedent exists in training data
$D_3$: Human operators are reachable when required

Failure Envelope: Each row corresponds to one of the three domain conditions $D_1$–$D_3$ failing; notably, operator unreachability ($D_3$) is the failure mode most likely to arise in exactly the contested partition scenarios this framework targets.

Assumption Violation	Failure Mode	Detection	Mitigation
Irreversibility unknown	Decision classified incorrectly	Post-hoc discovery of consequences	Conservative default
No precedent	Classifier extrapolates poorly	Decision outside training distribution	Defer novel decisions
Operators unreachable	Deferred decision cannot execute	Queue depth increases	Escalation timeout; emergency authority

Uncertainty bound: Classification accuracy depends on decision similarity to training data. For novel decisions, expect accuracy degradation. Calibrate thresholds conservatively for high-stakes decisions.

Summary: Claim-Assumption-Failure Table

The table below consolidates the validity boundaries of the four core mechanisms in this article, mapping each claim to the assumptions it depends on, the conditions under which it holds, and the conditions under which it breaks.

Claim	Key Assumptions	Valid When	Fails When
$\mathbb{A} > 0$ indicates improvement	Measurable $P$, quantifiable $\sigma$, unbiased sampling	Controlled measurement	Survivorship bias; unmeasurable
Rare failures carry information	Observable, diagnosable, extractable	Good logging infrastructure	Silent/catastrophic failures
Bandits converge to optimal	Stationary, discrete, observable rewards	Stable environment	Adversarial adaptation
Judgment horizon protects high-stakes	Irreversibility known, precedent exists	Well-characterized decisions	Novel scenarios

Cognitive Map: The model scope section is a deployment-readiness checklist for this post. Anti-fragility measurement requires that stress events are correctly detected and attributed. UCB is valid only in stationary, non-adversarial environments. SOE bounds require a correct dynamics model. EXP3 provides minimax guarantees only against oblivious adversaries. The summary table maps each claim to its validity condition, observable failure signal, and mitigation — consult it before deploying any mechanism outside its design environment.

Irreducible Trade-offs

Anti-fragile systems must simultaneously learn fast, remain stable, explore broadly, and defend against adversarial rewards. These objectives are mutually constraining — progress on any one comes at the cost of another. Name the four fundamental trade-offs: learning rate vs. stability, exploration vs. exploitation, adaptability vs. predictability, and automation scope vs. oversight burden. Provide multi-objective formulations and Pareto characterizations for each. The architect’s role is selecting a defensible point on each front, not eliminating the tension. These are irreducible — not just difficult engineering problems, but fundamental conflicts where full optimization of one objective provably degrades another. The cost surface decomposition shows the total anti-fragility cost as a function of partition duration, learning rate, and adversarial intensity.

No design eliminates these tensions. The architect selects a point on each Pareto front.

Trade-off 1: Learning Rate vs. Stability

Multi-objective formulation:

The three objectives below — adaptation speed, noise immunity, and non-stationarity tracking — are jointly maximized over learning rate $\eta$, but no single $\eta$ achieves all three simultaneously.

$\max_{\eta} \left( U_{\text{learning}}(\eta), U_{\text{stability}}(\eta), U_{\text{tracking}}(\eta) \right)$

where $\eta$ is learning rate.

Pareto front: The three rows sample the trade-off space; each row shows how the three performance dimensions move together as $\eta$ increases, confirming that no single value simultaneously achieves fast learning, low noise sensitivity, and strong tracking.

Learning Rate $\eta$	Learning Speed	Noise Sensitivity	Tracking Ability
0.01	Slow	Low	Poor
0.1	Medium	Medium	Medium
0.5	Fast	High	Good

High $\eta$ tracks changes quickly but amplifies noise. Low $\eta$ is stable but fails to track non-stationarity. No single $\eta$ optimizes all dimensions.

Trade-off 2: Stress Exposure vs. System Safety

Multi-objective formulation:

Increasing induced stress $\sigma$ raises information gain $I(\text{failure}; \sigma)$ but also raises catastrophe probability; the two objectives conflict and no single $\sigma$ maximizes both.

$\max_{\sigma} \left( I(\text{failure}; \sigma), -P(\text{catastrophe} | \sigma) \right)$

where $\sigma$ is induced stress level.

Pareto front (chaos engineering): The four rows show how information gain and catastrophe risk both increase with $\sigma$, with net value peaking around $\sigma = 0.3$–$0.5$ before catastrophe risk erodes the gain.

Stress Level $\sigma$	Information Gain	Catastrophe Risk	Net Value
0.1	0.3 bits	0.001	+0.29
0.3	0.8 bits	0.01	+0.70
0.5	1.2 bits	0.05	+0.70
0.8	1.8 bits	0.15	+0.30

Higher stress yields more information but risks catastrophic failure. Optimal stress balances information gain against system risk. Diminishing returns beyond $\sigma \approx 0.5$ .

Trade-off 3: Automation Speed vs. Decision Quality

Multi-objective formulation:

The binary choice $d$ (automate or defer to human) drives three objectives that cannot all be maximized: speed favors automation, quality and accountability favor human judgment for consequential decisions.

$\max_{d \in \{0,1\}} \left( U_{\text{speed}}(d), U_{\text{quality}}(d), U_{\text{accountability}}(d) \right)$

where $d=1$ is automated, $d=0$ is human-deferred.

Pareto front: The four decision types span the reversibility-novelty space; as irreversibility and novelty increase together, the human benefit grows and the optimal choice shifts from automation to human authority.

Decision Type	Automation Benefit	Human Benefit	Optimal Choice
Reversible, precedented	Speed	None	Automate
Reversible, novel	Speed	Quality	Context-dependent
Irreversible, precedented	Speed	Accountability	Human
Irreversible, novel	Speed	Quality + Accountability	Human

Cannot achieve speed AND quality AND accountability for irreversible novel decisions. The judgment horizon formalizes this boundary.

Trade-off 4: Exploration Breadth vs. Exploitation Depth

Multi-objective formulation:

The UCB exploration coefficient $c$ controls the balance: larger $c$ increases breadth (more exploration of uncertain arms) at the cost of depth (less exploitation of the known-best arm).

$\max_{c} \left( U_{\text{breadth}}(c), U_{\text{depth}}(c) \right)$

where $c$ is exploration parameter in UCB / Thompson Sampling .

Regret decomposition:

Total regret decomposes into two additive components: the cost incurred by trying suboptimal arms during exploration, and the cost incurred by not identifying the true optimum fast enough during exploitation.

$\text{Regret}(T) = \underbrace{R_{\text{exploration}}(c)}_{\text{cost of trying suboptimal}} + \underbrace{R_{\text{exploitation}}(c)}_{\text{cost of missing optimal}}$

The three rows below sample $c \in \{0.5, 1.0, 2.0\}$ and show how the two regret components trade off, with $c = 1.0$ achieving the minimum total at 8.7.

$c$	Exploration Regret	Exploitation Regret	Total Regret
0.5	Low	High	12.4
1.0	Medium	Medium	8.7
2.0	High	Low	11.2

Optimal $c \approx 1.0$ minimizes total regret, but cannot eliminate both components.

Cost Surface: Anti-Fragility Investment

The net cost of an anti-fragility investment level $I$ is the sum of three cost components (infrastructure, stress testing, and learning overhead) minus the value of the performance improvement the investment produces.

$C_{\text{anti-fragile}}(I) = C_{\text{infrastructure}}(I) + C_{\text{stress}}(I) + C_{\text{learning}}(I) - V_{\text{improvement}}(I)$

where $I$ is investment level.

Investment returns: The table shows the three cost components and the improvement value for each investment tier as a percentage of total system budget; Net is improvement value minus total costs.

Investment Level	Infrastructure	Stress Testing	Learning	Improvement Value	Net
Minimal	2%	1%	1%	5%	+1%
Moderate	5%	3%	3%	15%	+4%
Comprehensive	10%	5%	5%	22%	+2%

Diminishing returns: comprehensive investment yields only 2% net improvement vs. 4% for moderate.

Resource Shadow Prices

The shadow price $\zeta$ for each resource is the marginal value of one additional unit — it indicates where additional investment would deliver the highest return in system anti-fragility .

Resource	Shadow Price $\zeta$ (c.u.)	Interpretation
Learning compute	0.12/update	Value of faster adaptation
Stress budget	3.00/experiment	Value of failure information
Human attention	50.00/decision	Cost of deferred automation
Recovery margin	2.00/%-capacity	Value of stress buffer

(Shadow prices in normalized cost units (c.u.) — illustrative relative values; ratios convey anti-fragility resource scarcity ordering. Learning compute (0.12 c.u./update) is the reference unit. Calibrate to platform-specific costs.)

Irreducible Trade-off Summary

Each trade-off identified in this section represents a Pareto front that no design can eliminate; the table below names the conflicting objectives and the situation in which no single design point achieves both.

Trade-off	Objectives in Tension	Cannot Simultaneously Achieve
Learning-Stability	Fast adaptation vs. noise immunity	Both in noisy environments
Stress-Safety	Maximum information vs. zero catastrophe risk	Both with induced stress
Speed-Quality	Fast decisions vs. optimal decisions	Both for novel irreversible
Explore-Exploit	Breadth vs. depth	Zero regret on both

Cognitive Map: The irreducible trade-offs section identifies the four Pareto fronts that bound anti-fragile system design. Learning rate vs. stability is resolved by the SOE and Lyapunov constraints — they bound the learning rate to what the dynamics can absorb. Exploration vs. exploitation is resolved algorithmically (UCB, EXP3, Thompson Sampling) — the algorithm choice determines the Pareto point. Adaptability vs. predictability is resolved by the defensive learning layer — randomization provides adaptability while surviving the adversarial exploitation that pure adaptability enables. Automation vs. oversight is resolved by the Judgment Horizon — formal threshold conditions determine which decisions require human authority.

Closing: What Anti-Fragile Decision-Making Establishes

Five separate articles have developed five separate capability layers. The question is what they establish together — and what the aggregate coefficient $\bar{\mathbb{A}}$ proves about cumulative improvement over a deployment. The deployment-wide coefficient $\bar{\mathbb{A}} = \sum_i \Delta P_i / \sum_i \sigma_i$ measures average improvement per unit stress across all events. A positive $\bar{\mathbb{A}}$ after 30 days confirms that the system as a whole learned from adversity rather than merely recovering from it. The five capabilities (connectivity regime modeling, self-measurement, self-healing, fleet coherence, anti-fragile improvement) were developed against the constraints they individually resolve. Deploying all five raises a meta-question: in what sequence should they be built, and how do you know when each is sufficiently solved to advance? That question — the constraint sequence — is addressed in the next post.

Five articles developed the complete autonomic architecture: self-measurement, self-healing, self-coherence, and self-improvement. FAILSTREAM converts deliberate stress to MTTR reduction; ADAPTSHOP ’s bandits achieve near-optimal performance.

Return to our opening: the RAVEN swarm is now anti-fragile . Not because we made it perfect - perfection is unachievable. But because we made it capable of improving itself. The swarm at day 30 is better than the swarm at day 1, and the swarm at day 60 will be better still.

Anti-fragility is not a property to be added at the end — it compounds from every architectural decision made earlier. Four layers build on each other: the gossip protocol produces calibrated anomaly scores; the MAPE-K loop executes healing under uncertainty; the CRDT reconciliation turns partition into information gain; and the bandit algorithms convert stress exposure into parameter improvement. Each layer makes the next possible. Together they produce a system that learns from adversity rather than merely surviving it.

Deployment-Wide Anti-Fragility

The aggregate coefficient across multiple stress events provides a deployment-wide measure of cumulative improvement:

$\bar{\mathbb{A}} = \frac{\sum_i \Delta P_i}{\sum_i \sigma_i}$

Physical translation: $\bar{\mathbb{A}}$ is the slope of the performance-vs-cumulative-stress line. Each stress event $i$ contributes $\Delta P_i / \sigma_i$ — the improvement it produced per unit of stress it imposed. Summing across events gives the average. A positive $\bar{\mathbb{A}}$ means the line slopes upward: more total stress produced more total improvement. For RAVEN, $\bar{\mathbb{A}} > 0$ after 30 days means the stress of partitions, jamming events, and hardware failures left the swarm permanently better calibrated than it was before any of them occurred.

RAVEN after 30 days of operation: detection rate improved from 0.72 to 0.89 (in simulation) after the jamming episode (Week 2), partition recovery dropped from 340s to 67s, and false positive rate fell from 12% to 3%. Each stress event contributed positively to $\bar{\mathbb{A}}$ . The deployment-wide coefficient was positive, confirming cumulative anti-fragility rather than isolated recovery.

Five capabilities now exist: contested-connectivity regime modeling, self-measurement, self-healing, fleet coherence, and anti-fragile self-improvement. Each was developed against the immediate constraint it resolves. But a fleet deploying all five faces a different question: in what sequence should these capabilities be built, and how do you know when each is sufficiently solved to advance? That meta-question — the constraint sequence itself — is the subject of The Constraint Sequence and the Handover Boundary.

When all four Judgment Horizon conditions ( Definition 91 ) are simultaneously active — information entropy $I$ above threshold, prediction confidence $P$ below threshold, decision urgency $U$ above threshold, and energy budget $E$ below threshold — the system has crossed the handover boundary. Local autonomy must fully substitute for missing central authority. How that boundary is formally detected and the constraint sequence governing the transition is the subject of The Constraint Sequence and the Handover Boundary.

Multi-armed bandits and online learning. The multi-armed bandit formulation used throughout this article rests on two foundational results. Auer, Cesa-Bianchi, and Fischer [5] established the UCB1 algorithm and its instance-dependent $O(\ln T / \Delta_k)$ regret bound for stochastic environments. Auer, Cesa-Bianchi, Freund, and Schapire [7] proved the EXP3 minimax regret bound $O(\sqrt{TK \ln K})$ against oblivious adversaries — the guarantee underlying Definition 81 ’s EXP3-IX variant. Bubeck and Cesa-Bianchi [8] provide the comprehensive survey connecting stochastic and adversarial settings that motivates the algorithm-selection framework in the deployment decision rule. The adversarial online learning perspective is developed by Cesa-Bianchi and Lugosi [9] , whose general framework of prediction with expert advice encompasses both EXP3 and the action-correlation CUSUM ( Definition 84 ).

Anti-fragility and resilience. Taleb [4] introduced anti-fragility as convexity of the performance function in stress magnitude — the formalization in Definition 79 translates this concept into a testable mathematical property. The resilience complement to anti-fragility is grounded in Avizienis, Laprie, Randell, and Landwehr [2] , whose taxonomy of dependability properties (reliability, availability, safety, maintainability) provides the baseline that anti-fragility exceeds. The change-detection mechanisms in Definition 84 build on Page’s CUSUM [11] and the comprehensive treatment by Basseville and Nikiforov [12] , whose sequential detection theory provides the detection delay bounds in Proposition 62 .

Distributed and edge AI. The edge computing deployment context is established by Satyanarayanan [3] , whose characterization of edge system constraints — bandwidth asymmetry, intermittent connectivity, compute-constrained nodes — defines the operating envelope that makes standard cloud-centric learning inapplicable. The warm-start prior mechanism ( Definition 82 ) draws on transfer learning principles from federated settings: McMahan et al. [10] demonstrate that pre-trained weights from related distributions accelerate convergence on target tasks, directly motivating the offline-simulation prior injected at initialization. The Bayesian parameter update patterns (Pattern L2) are grounded in Gelman et al. [13] , whose treatment of conjugate priors and posterior concentration provides the convergence rate $\text{Var}(\theta | D_n) \approx \sigma^2/n$ cited in the model-update section.

Swarm coordination and autonomic decision-making. Fleet-wide policy propagation via gossip (the ESS implication in the game-theoretic extension) connects to the swarm intelligence framework of Bonabeau, Dorigo, and Theraulaz [6] , whose stigmergic and direct communication models establish how locally-adaptive agents achieve collective optimization without centralized coordination. The autonomic computing MAPE-K loop ( Definition 36 , extended throughout this article) follows the vision of Kephart and Chess [1] , who identified self-configuration, self-healing, self-optimization, and self-protection as the four properties of autonomic systems — precisely the four capability layers this series constructs formally.

References

[1] Kephart, J.O., Chess, D.M. (2003). “The Vision of Autonomic Computing.” IEEE Computer, 36(1), 41–50. [doi]

[2] Avizienis, A., Laprie, J.-C., Randell, B., Landwehr, C. (2004). “Basic Concepts and Taxonomy of Dependable and Secure Computing.” IEEE Transactions on Dependable and Secure Computing, 1(1), 11–81. [doi]

[3] Satyanarayanan, M. (2017). “The Emergence of Edge Computing.” IEEE Computer, 50(1), 30–39. [doi]

[4] Taleb, N.N. (2012). Antifragile: Things That Gain From Disorder. Random House.

[5] Auer, P., Cesa-Bianchi, N., Fischer, P. (2002). “Finite-Time Analysis of the Multiarmed Bandit Problem.” Machine Learning, 47(2–12), 235–256. [doi]

[6] Bonabeau, E., Dorigo, M., Theraulaz, G. (1999). Swarm Intelligence: From Natural to Artificial Systems. Oxford University Press. [oup]

[7] Auer, P., Cesa-Bianchi, N., Freund, Y., Schapire, R.E. (2002). “The Nonstochastic Multiarmed Bandit Problem.” SIAM Journal on Computing, 32(1), 48–71. [doi]

[8] Bubeck, S., Cesa-Bianchi, N. (2012). “Regret Analysis of Stochastic and Nonstochastic Multi-Armed Bandit Problems.” Foundations and Trends in Machine Learning, 5(1), 1–51. [doi]

[9] Cesa-Bianchi, N., Lugosi, G. (2006). Prediction, Learning, and Games. Cambridge University Press. [doi]

[10] McMahan, H.B., Moore, E., Ramage, D., Hampson, S., Arcas, B.A.Y. (2017). “Communication-Efficient Learning of Deep Networks from Decentralized Data.” Proc. AISTATS, 1273–1282. [mlr]

[11] Page, E.S. (1954). “Continuous Inspection Schemes.” Biometrika, 41(1/2), 100–44. [doi]

[12] Basseville, M., Nikiforov, I.V. (1993). Detection of Abrupt Changes: Theory and Application. Prentice Hall. [pdf]

[13] Gelman, A., Carlin, J.B., Stern, H.S., Rubin, D.B. (2003). Bayesian Data Analysis, 2nd ed. Chapman & Hall/CRC. [web]

[14] Neu, G. (2015). “Explore No More: Improved High-Probability Regret Bounds for Non-Stochastic Bandits.” Advances in Neural Information Processing Systems (NeurIPS), 28. [url]

[15] Joulani, P., György, A., Szepesvári, C. (2013). “Online Learning under Delayed Feedback.” Proc. ICML, 1453–1461. [mlr]

[16] Thompson, W.R. (1933). “On the Likelihood That One Unknown Probability Exceeds Another in View of the Evidence of Two Samples.” Biometrika, 25(3/4), 285–294. [doi]

[17] Lattimore, T., Szepesvári, C. (2020). Bandit Algorithms. Cambridge University Press. [web]

Concept	Formal Contribution	Design Consequence
Anti-Fragility	Convexity: \(d^2P/d\sigma^2 > 0\)	Design response functions that gain from variance
Stress-Information	$I = -\log_2 P(\text{failure})$	Prioritize learning from rare events
Online Optimization	UCB, EXP3, Thompson Sampling; EXP3 minimax regret $O(\sqrt{TK \ln K})$	Converge to optimal parameters; degrade gracefully under partition
Judgment Horizon	$d \in \mathcal{J} \Leftrightarrow I > \theta_I \lor P > \theta_P \lor \ldots$	Route high-stakes decisions to humans
Model Failure	Taxonomy: drift, adversarial, distributional	Defense-in-depth for each failure class

Level	Capability	Connectivity	Resource Budget
L4	Full capability: streaming video, ML analytics, prediction	\(C \geq 0.8\)	100%
L3	Summary reporting: compressed updates, basic analytics	\(C \geq 0.5\)	60%
L2	Threat alerts: detection only, minimal context	\(C \geq 0.3\)	35%
\(\mathcal{L}_1\)	Position beacons: location and status only	\(C \geq 0.1\)	15%
\(\mathcal{L}_0\)	Emergency distress: survival mode	Always	5%

Symbol	Role	Constraint	Definition
\(\gamma_V\) (Def 32)	Value-function discount factor in infinite-horizon value function	\(\gamma_V \in (0,1)\)	Definition 80
\(\gamma\) (EXP3 standard)	Additive mixture with uniform distribution: probability floor = \(\gamma/K\) per arm (distinct from EXP3-IX’s denominator-floor mechanism)	\(\gamma/K\) = minimum arm probability	From Stochastic to Adversarial: The Markov Game
\(\gamma\) (Def 33, EXP3-IX)	Implicit exploration floor in IX estimator	$\gamma = \eta\sqrt{K/2}$	Definition 81
$\gamma_{\text{infl}}$ (Def 63)	CUSUM exploration-rate inflation factor	$\gamma_{\text{infl}} > 1$	Definition 90
\(\gamma(\sigma)\)	Semantic convergence factor	Why Edge Is Not Cloud Minus Bandwidth, Definition 5b	\(\gamma(\sigma) \in [0,1]\); measures fleet-wide semantic alignment

\(S_t^Q\)	$S_t^{\mathrm{corr}}$	Diagnosis	Response
Below \(h_Q\)	Below $h_{\mathrm{corr}}$	No change	Continue current policy
Above \(h_Q\)	Below $h_{\mathrm{corr}}$	Natural drift	Update \(Q\) baseline
Above \(h_Q\)	Above $h_{\mathrm{corr}}$	Adversarial	Switch to EXP3-IX \(\sigma^*\); alert operators
Below \(h_Q\)	Above $h_{\mathrm{corr}}$	Spurious	Log; no action

Variable	$x_{\max}$	Bucket semantics
$T_{\text{acc}} / Q_{0.95}$	1.0	\(b=0\): early; \(b=1\): mid; \(b=2\): late; \(b=3\): past Proposition 37 gate
$\hat{\pi}_N$ (regime occupancy)	1.0	Quartiles of partition fraction
$Q_{\text{link}} \in [0,1]$	1.0	Link-quality quartiles

Component	Description	Update Rule
$\hat{\mu}_a$	Estimated reward for action \(a\)	$\hat{\mu}_a \leftarrow \hat{\mu}_a + \frac{1}{n_a}(r - \hat{\mu}_a)$
\(n_a\)	Times action \(a\) selected	\(n_a \leftarrow n_a + 1\)
\(t\)	Total selections	\(t \leftarrow t + 1\)
\(c\)	Exploration coefficient	Typically $\sqrt{2}$ , tune empirically

Parameter Type	Likelihood	Prior	Posterior
Probability	Binomial	Beta(\(\alpha\), \(\beta\))	Beta(\(\alpha + k\), \(\beta + n - k\))
Rate	Poisson	Gamma(\(k\), \(\theta\))	Gamma( $k + \sum x_i$ , \(\theta + n\))
Mean (known var)	Normal	Normal(\(\mu_0\), \(\sigma_0^2\))	Normal(\(\mu_n\), \(\sigma_n^2\))
Transition rates	Exponential	Gamma	Gamma (with sufficient statistics)

Adaptation Speed (\(\eta\))	Responsiveness	Stability	Noise Sensitivity
Fast (\(\eta > 0.1\))	High	Low	High
Medium (\(0.01 < \eta < 0.1\))	Medium	Medium	Medium
Slow (\(\eta < 0.01\))	Low	High	Low

Gate Strictness	False Rejection Rate	Escaped Defects	Development Speed
Strict (\(\theta\) high)	High	Very Low	Slow
Moderate	Medium	Low	Medium
Lenient (\(\theta\) low)	Low	Medium	Fast

Assumption Violation	Failure Mode	Detection	Mitigation
Performance not measurable	Cannot compute \(\mathbb{A}\)	Metrics undefined or noisy	Define measurable proxies
Stress magnitude ambiguous	Normalization fails	\(\sigma\) varies across measurements	Standardized stress taxonomy
Survivorship bias	\(\mathbb{A}\) inflated	Only successful recoveries measured	Include failure cases in denominator

Claim	Key Assumptions	Valid When	Fails When
\(\mathbb{A} > 0\) indicates improvement	Measurable \(P\), quantifiable \(\sigma\), unbiased sampling	Controlled measurement	Survivorship bias; unmeasurable
Rare failures carry information	Observable, diagnosable, extractable	Good logging infrastructure	Silent/catastrophic failures
Bandits converge to optimal	Stationary, discrete, observable rewards	Stable environment	Adversarial adaptation
Judgment horizon protects high-stakes	Irreversibility known, precedent exists	Well-characterized decisions	Novel scenarios

Prerequisites

Overview

Opening Narrative: RAVEN After the Storm

Defining Anti-Fragility

Beyond Resilience

Safe Operating Envelope

Game-Theoretic Extension: Anti-Fragility as an Evolutionarily Stable Strategy

Anti-Fragility in Technical Systems

Stress as Information

Failures Reveal Hidden Dependencies

Partition Behavior Exposes Assumptions

Commercial Application: FAILSTREAM Production Fault Injection

Recording Decisions for Post-Hoc Analysis

Adaptive Behavior Under Pressure

Intelligent Load Shedding

Feature Degradation Hierarchies

Quality-of-Service Tiers

Learning from Disconnection

Online Parameter Tuning

Game-Theoretic Extension: Adversarial Bandits and EXP3

From Stochastic to Adversarial: When the Environment Plays Back

From Stochastic to Adversarial: The Markov Game

EXP3-IX: Optimal Response Under Adaptive Adversaries

Warm-Start and Contextual Extensions

Emergency Reset Protocol

Adversarial Non-Stationarity Detection

Probabilistic Extension: Thompson Sampling

Delayed-Feedback Extension: Weibull-Aware Tuning Loop

Commercial Application: ADAPTSHOP Dynamic Optimization

Updating Local Models

Identifying Patterns That Predict Partition

Defensive Learning Under Adversarial Rewards

Anti-Fragile Design Patterns Catalog

Pattern Classification Framework

Learning Patterns

Pattern L1: Multi-Armed Bandit Stress Learning

Pattern L2: Bayesian Parameter Update

Pattern L3: Partition Prediction Learning

Adaptation Patterns

Pattern A1: Dynamic Resource Weighting

Pattern A2: Graceful Degradation Ladder

Pattern A3: Adaptive Threshold Tuning

Validation Patterns

Pattern V1: Phase-Gate Validation Functions

Pattern V2: Chaos Engineering Verification

Pattern V3: Regression Invariants

Pattern Selection Guide

Pattern Combination Matrix

The Limits of Automation

When Autonomous Healing Makes Things Worse

The Judgment Horizon

Game-Theoretic Extension: Incentive-Compatible Escalation

Statistical Extension: Sequential Probability Ratio Test

Override Mechanisms and Human-in-the-Loop

The Anti-Fragile RAVEN

Engineering Judgment: Where Models End

The Model Boundary Catalog

The Engineer’s Role

Anti-Fragility Requires Both Automation AND Judgment

The Best Edge Architects

Model Scope and Failure Envelope

Anti-Fragility Coefficient Measurement

Stress-Information Duality

Bandit-Based Parameter Optimization

Judgment Horizon Classification

Summary: Claim-Assumption-Failure Table

Irreducible Trade-offs

Trade-off 1: Learning Rate vs. Stability

Trade-off 2: Stress Exposure vs. System Safety

Trade-off 3: Automation Speed vs. Decision Quality

Trade-off 4: Exploration Breadth vs. Exploitation Depth

Cost Surface: Anti-Fragility Investment

Resource Shadow Prices

Irreducible Trade-off Summary

Closing: What Anti-Fragile Decision-Making Establishes

Deployment-Wide Anti-Fragility

Related Work

References